01-27-2011 03:20 AM
From penetration report mention that my hpux 11.31 server ssl cert is expired.
When I check with the app vendor (it is a db server) the app did not use ssl and https.
So how can the peneytation detect this ssl cert expired? How to disable this?
01-27-2011 05:02 AM
Normally SMH auto-generates a self-signed SSL certificate when the OS is installed. This will eventually expire.
The simplest way to refresh SMH's default SSL certificate is to run:
swconfig -x reconfigure=true SysMgmtHomepage
This will produce a new self-signed SSL certificate for SMH.
If you want to use a certificate issued by a Certificate Authority (e.g. if your organization has a private SSL CA that is automatically recognized by your organization's systems), you should use SMH's certificate configuration functions instead of the above command line to refresh the certificate.
For more information about using CA-issued certificates with SMH, see HP System Management Homepage User's Guide:
See pages 36-37.
01-27-2011 06:05 PM
The server is behind firewall and it is db server. I will purchase valid cert for my web server at DMZ zone but not for this db server.
There ie one interface for my dba to access their oracle enterprise Manager module to perform db maintenance. No P&C info being transfered and it is in private vlan.