- Community Home
- >
- Networking
- >
- Legacy
- >
- PCM
- >
- ProCurve manager hardening - port 51111
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-23-2014 07:01 AM - last edited on 05-25-2014 07:05 PM by Lisa198503
05-23-2014 07:01 AM - last edited on 05-25-2014 07:05 PM by Lisa198503
ProCurve manager hardening - port 51111
Hello all,
During PCI audit we have such request from auditors:
xxx.xxx.xxx.xxx 51111 Unique Test Issue: Weak hash algorithms active Measure: Use strong hash algorithms
xxx.xxx.xxx.xxx 51111 Unique Test Issue: Weak encryption ciphers active Measure: Deactivate weak ciphers
On this ports works PCM agent. According technical literature this alert is caused by self-signed certificate produced from PCM.
Do you have an information - is it possible to use external CA signed certificate for PCM agent?
Or can I request statement from HP that it is not possible to change and it is not an issue.
Thank you in advance!
P.S. This thread has been moved from ProCurve / ProVision-Based to PCM. -HP Forum Moderator
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2014 02:31 AM
05-24-2014 02:31 AM
Re: ProCurve manager hardening - port 51111
It doesn't appear to support external certificates. If you update to the latest version and regenerate the certificate , it might generate a longer key/better algorithm by default. However I am only guesssing.
What I would do is:
1. If you have paid support, open a proper ticket. If you have the paid for PCM+, that is.
2. Consider a plan to migrate off PCM, as it's heading for EOL. I imagine the auditors will be less than happy if they find an issue with it and it's unsupported software.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-25-2014 08:16 PM - edited 05-25-2014 08:19 PM
05-25-2014 08:16 PM - edited 05-25-2014 08:19 PM
Re: ProCurve manager hardening - port 51111
>this alert is caused by self-signed certificate produced from PCM.
Did it have any details about what was wrong? Typically if there is an issue with self-signed vs CA, it would say that.
Not "weak hash algorithms" or "weak encryption ciphers". A certificate does have a encryption key length but again, it ideally should mention that.
This means these are controlled by the software, not the certificate.
If you would like an analysis of your certificate, you can attach it on a reply.
>... it is not an issue.
I would assume it's an issue, unless your management network is behind a firewall.