[Linux-PowerEdge] Dell OMSA - cannot replace expired selfsigned Dell certificate on OMSA port 1311/tcp

mr.zbiggy mr.zbiggy at upcpoczta.pl
Tue Dec 17 17:20:23 CST 2019


[EXTERNAL EMAIL] 

Hello,

OMSA Port: 1311/tcp Expired Dell self-sign certificate:
Subject : C=US/ST=TX/L=Round Rock/OU=SA Enterprise Software
Development/O=Dell Inc/CN=
Issuer  : C=US/ST=TX/L=Round Rock/OU=SA Enterprise Software
Development/O=Dell Inc/CN=
Tried to upload key and cert in pfx file using OMSA web page but failed
with error: HTTP Status 403 - Forbidden
Type: Status Report
Message: Accessing resource:/************/UploadCertServlet is forbidden.
Description: Server understood request but refuses to authorize it.
Apache Tomcat /9.0.8
Tried to upload key and cert using racadmin 9.3.0-3465.14818.el7.x86_64
- it uploaded key and cert, sslcertview shows it but web page continues
to use expired certificate. racreset does not make cert update on web page.
racadm sslkeyupload -f /tmp/key -t 1
racadm sslcertupload -f /tmp/cer -t 1
racadm racreset
racadm sslcertview -t 1
racadm racreset soft
racadm racreset hard
racadm racreset soft -f
racadm racreset hard -f
So stopped and removed OMSA web page to stop reports from Nessus
security scanned that OMSA certificate is expired and selfsign:
systemctl stop dsm_om_connsvc.service
systemctl disable dsm_om_connsvc.service
yum erase srvadmin-jre-9.3.0-3465.14818.el7.x86_64
Removing:
srvadmin-jre             9.3.0-3465.14818.el7
Removing for dependencies:
srvadmin-tomcat          9.3.0-3465.14818.el7
srvadmin-webserver       9.3.0-3465.14818.el7

1. What right I need to be able to upload key and cert in pfx file via
omsa web page?
2. What I'm doing wrong that racreset does not activate correctly
updated certificate?

greetings,
Zbigniew



More information about the Linux-PowerEdge mailing list