Resolving Warning Messages for Self-Signed SSL Certificate

Note:

The following information applies to the users of the Oracle ILOM Remote System Console and the Oracle ILOM Remote System Console Plus.

As of Oracle ILOM firmware version 3.2.8, unless a custom signed SSL certificate is in use, additional certificate checks will be conducted by Oracle ILOM when the self-signed Default SSL Certificate is in use.

Note:

For further information about using a trusted SSL certificate in Oracle ILOM, see Improve Security by Using a Trusted SSL Certificate and Private Key in Oracle ILOM Security Guide For Firmware Release 5.x.

When the Default SSL Certificate is in use, Oracle ILOM remote KVMS console users might experience one of the following warning messages:

  • Certificate Check Warning Message — The security certificate of this server is untrusted.
    • Required user action: Follow these steps to ensure the Default SSL certificate is valid:
    1. Take note of the host certificate fingerprint value appearing on the Warning dialog box.
    2. Access the SSL Certificate page in Oracle ILOM to confirm that the host certificate fingerprint value appearing on the Warning dialog box matches the host certificate fingerprint value listed on the SSL Certificate page.

      Note:

      To access the SSL Certificate page, click ILOM Administration > Management Access > SSL Certificate.
    3. Perform one of the following:
      • If the host certificate fingerprint values match in Step 2, you can choose to: 1) bypass the Warning message by clicking the Continue (not recommended) button, or 2) exit launching the remote system console by clicking the Abort System Console button.

        Note:

        Prior to clicking the Continue (not recommended) button you should consult with your security officer or system administrator for guidance on how to proceed.
      • If the host certificate fingerprint values do not match in Step 2, you should click the Abort System Console button and follow up with your security officer or system administrator for resolution.
  • Video Redirection Error — Man-in-the-middle attack is occurring or the self-signed Default SSL Certificate and fingerprint have changed.
    • Required User Action — Perform the following steps:
      1. Consult with your security officer or system administrator to confirm that the Default SSL Certificate changed.
      2. After receiving confirmation that the Default SSL Certificate changed, you can choose to either remove the host certificate fingerprint file from the local user directory or edit the local host certificate fingerprint file with the last fingerprint value issued by Oracle.
        • To remove the host certificate fingerprint file, select the local host certificate fingerprint file (ilomrc_known_hosts or jrc2_known_hosts) in the local user directory (/user|home/username) and click Delete. Upon removing the stale fingerprint file in the local user directory, relaunch the remote system console and refer to the steps for resolving the Certificate Check warning message.

          -or-

        • To edit the host certificate fingerprint file with the last fingerprint value issued by Oracle, follow these steps:
        1. Using a text editor, open the fingerprint file (ilomrc_known_hosts or jrc2_known_hosts) in the local user directory (/user|home/username).
        2. Remove the fingerprint value listed in the local host certificate fingerprint file.
        3. Open the Oracle ILOM web interface, copy the fingerprint value appearing on the SSL Certificate page, and paste it into the local host certificate fingerprint file.

          Ensure that the spacing between the IP address and the fingerprint value is preserved.

        4. Save the changes to the local host certificate fingerprint file and relaunch the remote system console.
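
The fingerprint comparisons in the steps above can be scripted instead of being done by eye. The following is an added example, not Oracle code: it assumes fingerprints are hex strings (with or without colons) and that each line of the local fingerprint file is an address, whitespace, then the fingerprint. The function names and all sample values are constructed for illustration.

```python
import hmac
import string


def normalize(fp):
    """Drop separators and case so differently formatted copies compare equal."""
    hexed = fp.strip().replace(":", "").replace(" ", "").lower()
    if not hexed or len(hexed) % 2 or set(hexed) - set(string.hexdigits):
        raise ValueError(f"not a hex fingerprint: {fp!r}")
    return hexed


def same_fingerprint(a, b):
    return hmac.compare_digest(normalize(a), normalize(b))


def stored_fingerprint(known_hosts_text, address):
    """Return the stored fingerprint for address, or None if absent.

    Assumed layout (not confirmed by the page): '<address> <fingerprint>'.
    """
    for line in known_hosts_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == address:
            return parts[1]
    return None


def assess(dialog_fp, ilom_page_fp, known_hosts_text, address):
    """Map the three fingerprint sources onto the outcomes described above."""
    if not same_fingerprint(dialog_fp, ilom_page_fp):
        # Warning dialog and SSL Certificate page disagree: abort and escalate.
        return "ABORT"
    stored = stored_fingerprint(known_hosts_text, address)
    if stored is not None and not same_fingerprint(stored, ilom_page_fp):
        # Local file holds an old value: confirm the change, then remove or edit it.
        return "STALE_LOCAL_ENTRY"
    return "MATCH"


# Constructed sample values (documentation address range, made-up fingerprints).
ADDRESS = "192.0.2.10"
PAGE_FP = "AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01"
OLD_FP = "11:22:33:44:55:66:77:88:99:00:AA:BB:CC:DD:EE:FF:11:22:33:44"

if __name__ == "__main__":
    stale_file = f"{ADDRESS}    {OLD_FP}\n"
    print(assess(PAGE_FP, PAGE_FP, stale_file, ADDRESS))
```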