ProLiant Servers (ML,DL,SL)

System Management Homepage and SSL Certificates

 
SOLVED
Go to solution
jfronius
Visitor

System Management Homepage and SSL Certificates

Good day!

I'm looking into remediation of a vulnerability for self-signed certificates on our Systems Management Homepage.

I've found how to do the remediation manually, individually for a server, but I have about 3500 servers to remediate.  I'm interested to see if HPE has a method of creating the CSR by script, and we can submit the requests to our CA.

6 REPLIES 6
mattscratt
New Member

Re: System Management Homepage and SSL Certificates

Facing the same challenge, do you mind posting your manual process and it might help out with the scripting question. 

jfronius
Visitor

Re: System Management Homepage and SSL Certificates

https://community.spiceworks.com/how_to/2899-replace-the-ssl-certificate-for-hp-system-management-homepage-with-a-ca-generated-one

You can follow the steps above.  Generate the CSR, submit it to your CA, download the certificate.  Replace it at C:\hp\sslshare\cert.pem.  Stop/start the service and you're done.

Now I just need a way to generate, submit, and download 3500 CSRs!

KishJ
HPE Pro

Re: System Management Homepage and SSL Certificates

Greetings,

I understand applying such steps on 3500 servers going to be a daunting task. I am sorry, I could not find any script in our knowledge base to automate such sequences. 

You may think of doing something using scripts based on commands available in "How to setup your own Certificate Authority using OpenSSL"  -https://internal.support.hpe.com/hpesc/public/docDisplay?docId=c00905526

Hope it helps, all the best. 


I am a HPE Employee

Accept or Kudo

jfronius
Visitor

Re: System Management Homepage and SSL Certificates

Doesn't look like I can get into that page.  Is that an internal HPE only site?  I've tried signing in with my HPE support account at that site and no luck.

jfronius
Visitor
Solution

Re: System Management Homepage and SSL Certificates

I've found some other resources on openssl.  Looks like I can generate the CSR with openssl and submit it to my CA.

.\openssl.exe req -key c:\hp\sslshare\file.pem -new -out c:\hp\sslshare\server.csr -subj "/C=US/ST=State/L=City/O=Company/OU=IT/CN=servername"

Move-Item  c:\hp\sslshare\cert.pem  c:\hp\sslshare\cert.pem.old

.\certreq.exe -submit -config servername.company.com\servername -attrib "CertificateTemplate:WebServer" c:\hp\sslshare\server.csr c:\hp\sslshare\cert.pem

Stop/start the System Management Homepage service and it's replaced

KishJ
HPE Pro

Re: System Management Homepage and SSL Certificates

Greetings,

Many thanks for sharing the steps that helped you.

I am sorry, not sure why the public document could not be accessed via the link.

Regards,


I am a HPE Employee

Accept or Kudo