Go to main content

Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Exit Print View

» ...Documentation Home » Oracle SuperCluster M8 and SuperCluster M7 ... » Oracle^® SuperCluster M8 and ... » Securing Oracle ILOM » Hardening the Oracle ILOM Security Configuration » Replace Default Self-Signed Certificates ...

Updated: June 2020

Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Document Information

Using This Documentation

Understanding Security Principles

Reviewing the Default Security Configuration

Securing the Hardware

Securing Oracle ILOM

Log in to the Oracle ILOM CLI

Determine the Oracle ILOM Version

(If Required) Enable FIPS-140 Compliant Operation (Oracle ILOM)

Default Exposed Network Services (Oracle ILOM)

Hardening the Oracle ILOM Security Configuration

Disable Unnecessary Services (Oracle ILOM)

Configure HTTP Redirection to HTTPS (Oracle ILOM)

Disable Unapproved Protocols

Disable Unapproved TLS Protocols for HTTPS

Disable SSL Weak and Medium-Strength Ciphers for HTTPS

Disable Unapproved SNMP Protocols (Oracle ILOM)

Configure SNMP v1 and v2c Community Strings (Oracle ILOM)

Replace Default Self-Signed Certificates (Oracle ILOM)

Configure Administrative Browser Interface Inactivity Timeout

Configure the Administrative Interface Timeout (Oracle ILOM CLI)

Configure Login Warning Banners (Oracle ILOM)

Additional Oracle ILOM Resources

Securing the Compute Servers

Securing the ZFS Storage Appliance

Securing the Exadata Storage Servers

Securing the IB and Ethernet Switches

Auditing for Compliance

Keeping SuperCluster M8 and SuperCluster M7 Systems Secure

Language:

Replace Default Self-Signed Certificates (Oracle ILOM)

Oracle ILOM uses self-signed certificates to enable the out-of-the-box use of the SSL and TLS protocols. Whenever possible, replace self-signed certificates with certificates that are approved for use in your environment and signed by a recognized certificate authority.

Oracle ILOM supports a variety of methods that can be used to access the digital certificate and private key, including HTTPS, HTTP, SCP, FTP, TFTP, and pasting the information directly into a web browser interface. For more information, refer to the Oracle ILOM Configuration and Maintenance Guide (see Additional Oracle ILOM Resources).

Determine if Oracle ILOM is using a default self-signed certificate.

-> show /SP/services/https/ssl cert_status
/SP/services/https/ssl
Properties:
cert_status = Using Default (No custom certificate or private key loaded)

Install your organization's certificate.

-> set /SP/services/https/ssl/custom_cert load_uri=URI_method
-> set /SP/services/https/ssl/custom_key load_uri=URI_method

Copyright © 2020, Oracle and/or its affiliates.