Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1936716.1
Update Date:2018-03-01
Keywords:
Solution Type  Technical Instruction Sure

Solution  1936716.1 :   Sun SPARC Enterprise M3000, M4000, M5000, M8000, M9000-32/64: How to set 2048 Bit SSL Keys in XSCF  

Related Items 
    

  • Sun SPARC Enterprise M8000 Server
    •  
  • Sun SPARC Enterprise M4000 Server
    •  
  • Sun SPARC Enterprise M3000 Server
    •  
  • Sun SPARC Enterprise M9000-32 Server
    •  
  • Sun SPARC Enterprise M5000 Server
    •  
  • Sun SPARC Enterprise M9000-64 Server
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>SPARC>Enterprise>SN-SPARC: Mx000
    •  




Provides command line example for setting 2048 Bit SSL Keys in XSCF

In this Document
Goal
Solution
References

Created from <SR 3-9616025798>

Applies to:

Sun SPARC Enterprise M4000 Server - Version All Versions and later
Sun SPARC Enterprise M3000 Server - Version All Versions and later
Sun SPARC Enterprise M5000 Server - Version All Versions and later
Sun SPARC Enterprise M8000 Server - Version All Versions and later
Sun SPARC Enterprise M9000-32 Server - Version All Versions and later
Information in this document applies to any platform.

Goal

Qn1: We need to generate 2048 bit SSL certificates for XSCF console access. Is this length supported if the XSCF firmware is at the most recent version ?
 
Qn2: HOW does one set up and enable 2048 bit SSL on XSCF.

This document decribes minimum software versions and exact command line to accomplish this goal.

Solution

An1: In order to be able to use 2048 or greater encryption one *must* have XCP 1116 or beyond.
 

XCP 1116 Released 27 August 2013 ( All M-Series ) contains putback for BugID 16011251 - sethttps should generate 2048 (or greater) bits keys and not use MD5 anymore.


An2: The answer to how to do this is via sethttps.


Action: re-run sethttps with the right option (-b 2048)

  sethttps [[-q] -{y|n}] -c selfsign country state|province locality
  organization organizationalunit common e-mail [-b {1024|2048}]

and confirm that you want to update the certificate

XSCF> sethttps -c selfsign COUNTRY STATE LOCALITY ORG UNIT COMMON name@address.com -b 2048
CA key and CA cert already exist. Do you still wish to update? [y|n] :y

Ref:

SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers XSCFUser's Guide

2.2.8 Https Administration pg 2-110

References

<NOTE:1380260.1> - SPARC Enterprise M3000/M4000/M5000/M8000/M9000 - XCP Firmware to Defect Cross Reference
SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers XSCF User’s Guide
<NOTE:1002631.1> - Sun SPARC[TM] Enterprise M3000, M4000, M5000, M8000, M9000 XSCF Control Package (XCP) Firmware Image Software Version Matrix Information
<NOTE:1145383.1> - SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Server Matrix for Hardware, Firmware and Software

Attachments 
This solution has no attachment
  Copyright © 2018 Oracle, Inc.  All rights reserved.
 Feedback