ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

System Management Homepage and SSL Certificates

 
SOLVED
Go to solution
Highlighted
Visitor

System Management Homepage and SSL Certificates

Good day!

I'm looking into remediation of a vulnerability for self-signed certificates on our Systems Management Homepage.

I've found how to do the remediation manually, individually for a server, but I have about 3500 servers to remediate.  I'm interested to see if HPE has a method of creating the CSR by script, and we can submit the requests to our CA.

6 REPLIES 6
Highlighted
New Member

Re: System Management Homepage and SSL Certificates

Facing the same challenge, do you mind posting your manual process and it might help out with the scripting question. 

Highlighted
Visitor

Re: System Management Homepage and SSL Certificates

https://community.spiceworks.com/how_to/2899-replace-the-ssl-certificate-for-hp-system-management-homepage-with-a-ca-generated-one

You can follow the steps above.  Generate the CSR, submit it to your CA, download the certificate.  Replace it at C:\hp\sslshare\cert.pem.  Stop/start the service and you're done.

Now I just need a way to generate, submit, and download 3500 CSRs!

Highlighted
HPE Pro

Re: System Management Homepage and SSL Certificates

Greetings,

I understand applying such steps on 3500 servers going to be a daunting task. I am sorry, I could not find any script in our knowledge base to automate such sequences. 

You may think of doing something using scripts based on commands available in "How to setup your own Certificate Authority using OpenSSL"  -https://internal.support.hpe.com/hpesc/public/docDisplay?docId=c00905526

Hope it helps, all the best. 


I am a HPE Employee

Accept or Kudo

Highlighted
Visitor

Re: System Management Homepage and SSL Certificates

Doesn't look like I can get into that page.  Is that an internal HPE only site?  I've tried signing in with my HPE support account at that site and no luck.

Highlighted
Visitor
Solution

Re: System Management Homepage and SSL Certificates

I've found some other resources on openssl.  Looks like I can generate the CSR with openssl and submit it to my CA.

.\openssl.exe req -key c:\hp\sslshare\file.pem -new -out c:\hp\sslshare\server.csr -subj "/C=US/ST=State/L=City/O=Company/OU=IT/CN=servername"

Move-Item  c:\hp\sslshare\cert.pem  c:\hp\sslshare\cert.pem.old

.\certreq.exe -submit -config servername.company.com\servername -attrib "CertificateTemplate:WebServer" c:\hp\sslshare\server.csr c:\hp\sslshare\cert.pem

Stop/start the System Management Homepage service and it's replaced

Highlighted
HPE Pro

Re: System Management Homepage and SSL Certificates

Greetings,

Many thanks for sharing the steps that helped you.

I am sorry, not sure why the public document could not be accessed via the link.

Regards,


I am a HPE Employee

Accept or Kudo