Go to main content

Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Exit Print View

» ...Documentation Home » Oracle SuperCluster M8 and SuperCluster M7 ... » Oracle^® SuperCluster M8 and ... » Securing the IB and Ethernet Switches » Hardening the IB Switch Configuration » Replace Default Self-Signed Certificates (IB ...

Updated: June 2020

Oracle^® SuperCluster M8 and SuperCluster M7 Security Guide

Document Information

Using This Documentation

Understanding Security Principles

Reviewing the Default Security Configuration

Securing the Hardware

Securing Oracle ILOM

Securing the Compute Servers

Securing the ZFS Storage Appliance

Securing the Exadata Storage Servers

Securing the IB and Ethernet Switches

Log Into an IB Switch

Determine the IB Switch Firmware Version

Change root and nm2user Passwords

Change IB Switch Passwords (Oracle ILOM)

IB Switch Network Isolation

Default Exposed Network Services (IB Switch)

Hardening the IB Switch Configuration

Disable Unnecessary Services (IB Switch)

Configure HTTP Redirection to HTTPS (IB Switch)

Disable Unapproved SNMP Protocols (IB Switch)

Configure SNMP Community Strings (IB Switch)

Replace Default Self-Signed Certificates (IB Switch)

Configure the Administrative CLI Session Timeout (IB Switch)

Additional IB Switch Resources

Change the Ethernet Switch Password

Auditing for Compliance

Keeping SuperCluster M8 and SuperCluster M7 Systems Secure

Language:

Replace Default Self-Signed Certificates (IB Switch)

The IB switches use self-signed certificates to enable the out-of-the-box use of the HTTPS protocol. As a best practice, replace self-signed certificates with certificates that are approved for use in your environment and signed by a recognized certificate authority.

The IB switch supports a variety of methods that can be used to access the SSL/TLS certificate and private key, including HTTPS, HTTP, SCP, FTP, TFTP, and pasting the information directly into a web browser interface. For more information, refer to the Oracle Integrated Lights Out Manager Supplement for the Oracle Sun Data Center InfiniBand Switch 36 document. See Additional IB Switch Resources.

Log into an IB switch as ilom-admin.
See Log Into an IB Switch.

Determine if the IB switch is using a default self-signed certificate.

-> show /SP/services/https/ssl cert_status
/SP/services/https/ssl
Properties:
cert_status = Using Default (No custom certificate or private key loaded)

Install your organization's certificate.

-> load -source URI /SP/services/https/ssl/custom_cert
-> load -source URI /SP/services/https/ssl/custom_key

Copyright © 2020, Oracle and/or its affiliates.