ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

iLO - Secure Socket Layer (SSL) Expired Certificate

Bfrisan
Occasional Contributor

iLO - Secure Socket Layer (SSL) Expired Certificate

Have a server being flagged with the following vulnerabiity on my iLO nic:

Secure Socket Layer (SSL) Expired Certificate

Recommendation: Replace the expired certificate with a new, valid certificate.

 

iLO Software 4.5.0.0

iLO Firmware: 3 1.82

 

If downgrade to iLO Firmware: 3 1.80 vulnerability goes away but get flagged for other vulnerabilities cause it's not at the latest version.  Upgrade back up to 3 1.82 and cert does not get updated and is being flagged.

 

Any ideas/suggestions??

 

 

1 REPLY
Oscar A. Perez
Honored Contributor

Re: iLO - Secure Socket Layer (SSL) Expired Certificate

You probably still have the iLO default Self-Signed SSL Certificate in place.  

 

Just like the default Administrator password that comes printed on the Toe-Tag that you problably already changed with your own admin password, users are also supposed to replace the iLO default SSL certificate with a "trusted" SSL Certificate signed by your own Certification Authority as soon as iLO is configured.

 

Why is this important? Because Self-Signed SSL Certificates make you vulnerable to Man-In-The-Middle attacks.  So, get those self-signed certs replaced as soon as you can.  

 

If you don't have a Certification Authority in your organization, you need to create a Root CA and also a subordinate CA that will sign the iLO CSRs.

 

Refer to the iLO user guide for more information about how to import SSL Certificates into iLO.

http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c02774507-6.pdf

 

 

 

 




__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!