SSL Certificate expiry (286 Views)
Reply
Super Advisor
Fauziah Mahdan
Posts: 416
Registered: ‎12-03-2002
Message 1 of 3 (286 Views)

SSL Certificate expiry

Hi all,

Need advice
From penetration report mention that my hpux 11.31 server ssl cert is expired.
When I check with the app vendor (it is a db server) the app did not use ssl and https.
So how can the peneytation detect this ssl cert expired? How to disable this?
Please use plain text.
Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 2 of 3 (286 Views)

Re: SSL Certificate expiry

HP-UX 11.31 has a built-in Web management utility: the System Management Homepage (SMH). It uses SSL/https in port 2381. This is probably what the "penetration report" refers to.

Normally SMH auto-generates a self-signed SSL certificate when the OS is installed. This will eventually expire.

The simplest way to refresh SMH's default SSL certificate is to run:

swconfig -x reconfigure=true SysMgmtHomepage

This will produce a new self-signed SSL certificate for SMH.


If you want to use a certificate issued by a Certificate Authority (e.g. if your organization has a private SSL CA that is automatically recognized by your organization's systems), you should use SMH's certificate configuration functions instead of the above command line to refresh the certificate.

For more information about using CA-issued certificates with SMH, see HP System Management Homepage User's Guide:

http://h20000.www2.hp.com/bc/docs/support/SupportManual/c02532342/c02532342.pdf

See pages 36-37.

MK
MK
Please use plain text.
Super Advisor
Fauziah Mahdan
Posts: 416
Registered: ‎12-03-2002
Message 3 of 3 (286 Views)

Re: SSL Certificate expiry

TQ MK.
The server is behind firewall and it is db server. I will purchase valid cert for my web server at DMZ zone but not for this db server.
There ie one interface for my dba to access their oracle enterprise Manager module to perform db maintenance. No P&C info being transfered and it is in private vlan.
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation