- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: iLO3 - security issue. Jumping from port 80 to...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-18-2013 02:06 AM - edited 03-18-2013 02:12 AM
03-18-2013 02:06 AM - edited 03-18-2013 02:12 AM
iLO3 - security issue. Jumping from port 80 to 443
Hi,
I have G7 blade with iLO3. I have current firmware 1.55 from 24.01.2013.
I have problem with accessing Integrated Remote Console (.NET) and Remote Console (Java).
Problem is already narroved to jumping from port 443 to 80 when I try to connect - please check screenshot.
https://www.dropbox.com/s/nbt7c1hx8hd73q1/iLO3.jpg
How this can be prevented? Why is it behaving like that? Is it possible to disable port 80?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-18-2013 06:51 AM - edited 03-18-2013 06:54 AM
03-18-2013 06:51 AM - edited 03-18-2013 06:54 AM
Re: iLO3 - security issue. Jumping from port 80 to 443
In order to allow SSL/TLS protocol to work, iLO comes by default with a SSL Self-Signed Certificate that iLO presents to the browsers during the initial SSL/TLS handshake.
But, self-signed certificates are not to be trusted as anybody can create one and impersonate somebody else's webserver. This is why you are getting warnings from these browsers. What you need to do, is to get a "real" SSL Certificate signed by a trusted Certificate Authority and import that certificate into iLO3.
Check the iLO3 User Guide, page 44 for more details:
http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c02774507/c02774507.pdf
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-18-2013 07:18 AM
03-18-2013 07:18 AM
Re: iLO3 - security issue. Jumping from port 80 to 443
Hi Oscar,
I disagree. Self signed certificates are same as normal ones with exception that they are not signed by CA.
In iLO documentation there is no word that Self signed certificates are worse than CA signed. As I wrote - problem is that communication is jumping from 443 to 80 and then to 443 back.
I checked that with network team - see below:
Mar 15 16:36:42 NETWORKMGMT Mar 15 2013 16:36:41: %FWSM-4-106023: Deny tcp src inside:IPADDRESS/30750 dst DST-NET:IPADDRESS/80 by access-group "access-group" [0x0, 0x0]
I asked them to allow just for few minutes port 80 and iLO worked fine so certificate is not a case.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-18-2013 08:09 AM
03-18-2013 08:09 AM
Re: iLO3 - security issue. Jumping from port 80 to 443
what happens if you go directly to the iLO instead of launching from within the OA? Trying to help isolate where port 80 might be getting thrown into the mix. I did check on a couple of my systems this morning launching from the OA and didn't get the unsecure warning, just the normal certificate check.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-18-2013 09:05 AM
03-18-2013 09:05 AM
Re: iLO3 - security issue. Jumping from port 80 to 443
Well,
this warning I got only on IE6 (don't laugh ;) ) but I tested it on Firefox and IE8 / IE9 as well - no warning about "unsecure" but I am timed out.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-18-2013 10:47 AM - edited 03-18-2013 10:49 AM
03-18-2013 10:47 AM - edited 03-18-2013 10:49 AM
Re: iLO3 - security issue. Jumping from port 80 to 443
@wojcieh wrote:Well,
this warning I got only on IE6 (don't laugh ;) ) but I tested it on Firefox and IE8 / IE9 as well - no warning about "unsecure" but I am timed out.
OK, did you try accessing iLO direct, or are you still launching from the OA?
Also you can launch the .net IRC application directly as it is now a .exe file. Here is an article provides more detail and a link to the application
http://hpproliant.blogspot.com/2012/02/hp-lights-out-stand-alone-remote.html