[Linux-PowerEdge] Debian Jessie repo

Jose_De_La_Rosa at Dell.com Jose_De_La_Rosa at Dell.com
Tue Dec 15 14:02:39 CST 2015


It's not the SSL certificate that's causing the issue but rather some of the ciphers that the web server supports in /opt/dell/srvadmin/lib64/openmanage/apache-tomcat/conf/server.xml. Removing the weak DHE ciphers addresses the issue in Chrome, but need to verify it doesn't affect overall functionality, and also testing with stronger ECDHE ciphers.

Jose De la Rosa
Linux Engineering
Dell | Enterprise Solutions Group

From: Jean-Daniel TISSOT [mailto:Jean-Daniel.Tissot at univ-fcomte.fr]
Sent: Tuesday, December 15, 2015 11:33 AM
To: Ben; linux-poweredge-Lists; De La Rosa, Jose
Subject: Re: [Linux-PowerEdge] Debian Jessie repo

All my browsers reject certificates too weak. How can I install a stronger one.
Could Jose De la Rosa make a docker file with a stronger certificate ?
It will be nice.


Le 15. 12. 15 16:50, Ben a écrit :

On Tue, 15 Dec 2015, Josh_Moore at Dell.com<mailto:Josh_Moore at Dell.com> wrote:

The default certificate included with OMSA is a self-signed certificate

with a weaker hashing algorithm. It is a best practice to replace the

default certificate with your own stronger signed certificate.


Here's an idea: how about Dell change the self-signed certificate to use a

stronger/supported hashing algorithm?  That benefits everyone on all kinds

of levels.


Bien cordialement, Jean-Daniel TISSOT<http://chrono-environnement.univ-fcomte.fr/spip.php?article457>
Administrateur Systèmes et Réseaux
Tel: +33 3 81 666 440 Fax: +33 3 81 666 568

Laboratoire Chrono-environnement<http://chrono-environnement.univ-fcomte.fr/>
16, Route de Gray
25030 BESANÇON Cédex

Plan et Accès<https://mapsengine.google.com/map/viewer?mid=zjsxW4ZzZPLY.kp2qPHUBD45c>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.us.dell.com/pipermail/linux-poweredge/attachments/20151215/ba7dc4b7/attachment.html 

More information about the Linux-PowerEdge mailing list