Re: How to disable SSL2 and use only SSL3 for HP System Management (1380 Views)
Reply
Occasional Contributor
pyc_1
Posts: 10
Registered: ‎10-05-2005
Message 1 of 8 (1,510 Views)

How to disable SSL2 and use only SSL3 for HP System Management

Installation of HP System Management Homepage on DL380 / Windows 2003 server causes a Qualys reports a multiple security vulnerability. A vulnerability reports are as follows :

- SSL Server Supports Weak Encryption
- SSL Server Uses Weak Encryption
- SSL Server Has SSLv2 Enabled
- SSL Certificate - Signature Verification Failed
- SSL Certificate - Self-Signed Certificate
- SSL Certificate - Subject Common Name Does Not Match Server FQDN

I would like to know on how to disable SSL2 and only enable SSL3 and how to solve a SSL certificate problem.

Thank you
Honored Contributor
Rich Purvis
Posts: 470
Registered: ‎05-11-2004
Message 2 of 8 (1,510 Views)

Re: How to disable SSL2 and use only SSL3 for HP System Management

If you look at this link: http://h18023.www1.hp.com/support/files/server/us/revision/8266.html

It is the revision history for thr HP System Management Homepage. If you scroll down you will see in the revision notes that starting with revision 2.1.4.143, that was released in January, default disabled SSLv2. You have the ability to enable it with a switch if you wish starting with that release, but it is not enabled unless you do that.

If you have that revision or later you should not have a problem. You will need to be specific as to what your certificate issue is.

You may want to look at this HPSIM security white paper: http://h10018.www1.hp.com/wwsolutions/misc/hpsim-helpfiles/hpsim_5_Security.pdf

It discusses how to implement a strong security model, it may or may not satisfy your Quayls report as I don't know all of what it looks for. Good Luck,

-Rich
Why does my tivo keep recording Nickelodeon?
Occasional Contributor
pyc_1
Posts: 10
Registered: ‎10-05-2005
Message 3 of 8 (1,510 Views)

Re: How to disable SSL2 and use only SSL3 for HP System Management

Thank you for your guide. Now the SSL2 issues are fixed. However, the SSL certificate issues still exist.

I try to get a certificate from Windows 2003 Certificate however, it still report the Common Name does not match server FQDN.

Let say, the server FQDN is AV-MBX002.SG.INTERNAL.COM but the certificate subject name is AV-MBX002. How can I request a cert with a FQDN.
Occasional Visitor
SCARABEETLE
Posts: 3
Registered: ‎03-19-2007
Message 4 of 8 (1,510 Views)

Re: How to disable SSL2 and use only SSL3 for HP System Management

Does anyone know if there is an HP tool for MASS deployment of a CA 3rd party certificate? We're seeing NESSUS security vulnerabiliities for pt :2381 and the HP Self-signed cert. Just need a way to deploy a common cert to all servers...easily 1000+..THX!
Honored Contributor
David Claypool
Posts: 4,746
Registered: ‎10-22-2002
Message 5 of 8 (1,510 Views)

Re: How to disable SSL2 and use only SSL3 for HP System Management

There is no mass deployment because there is no single certificate--you will have to have an individual certificate for each and every server. That's because the certificate contains the server's name.
Occasional Visitor
SCARABEETLE
Posts: 3
Registered: ‎03-19-2007
Message 6 of 8 (1,510 Views)

Re: How to disable SSL2 and use only SSL3 for HP System Management

Thanks David for your quick reply:)
Occasional Advisor
Alexey Gromov
Posts: 8
Registered: ‎09-22-2009
Message 7 of 8 (1,510 Views)

Re: How to disable SSL2 and use only SSL3 for HP System Management

How do I request a certificate with FQDN instead of common name?
Regular Visitor
BastianW
Posts: 4
Registered: ‎09-10-2012
Message 8 of 8 (1,380 Views)

Re: How to disable SSL2 and use only SSL3 for HP System Management

Have you tried the following HowTo:

 

http://www.admin-enclave.com/en/solutions/windows/47-replace-the-ssl-certificate-for-hp-system-manag...

 

This explains that you need to use the alternative name for the FQND.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.