Opened 8 years ago

Closed 8 years ago

#21 closed (wontfix)

iLO web interfaces for pc1 and pc3 claim to have the same SSL issuer and serial number

Reported by: chaos@bbn.com Owned by: somebody
Priority: major Milestone: IG-ADM-1
Component: Administration Version: SPIRAL4
Keywords: Cc:
Dependencies:

Description

When i login to the web console for the pc3 iLO (at 155.98.34.104) using firefox, i get the standard firefox "do you want to trust this certificate?" dialogue, and am able to successfully connect.

If i subsequently try to connect to the pc1 iLO (at 155.98.34.103) using the same firefox instance, i get the error:

Secure Connection Failed
      
An error occurred during a connection to 155.98.34.103.

You have received an invalid certificate.  Please contact the server
administrator or email correspondent and give them the following
information:

Your certificate contains the same serial number as another certificate
issued by the certificate authority.  Please get a new certificate
containing a unique serial number.

(Error code: sec_error_reused_issuer_and_serial)

 The page you are trying to view can not be shown because the
 authenticity of the received data could not be verified.

Please contact the web site owners to inform them of this problem.
Alternatively, use the command found in the help menu to report
this broken site.

If i delete the SSL information for 155.98.34.104 from my browser and clear the cache, i can subsequently browse to .103 normally (but of course get this error again when i go back to .104).

From the iLO logins, i see the following SSL information for the two devices:

  • pc1 (155.98.34.103):
    Issued To 	CN=ILOUSE211XXJR.utah.geniracks.net, OU=ISS, O=Hewlett-Packard Company, L=Houston, ST=Texas, C=US
    Issued By 	C=US, ST=TX, L=Houston, O=Hewlett-Packard Company, OU=ISS, CN=iLO3 Default Issuer (Do not trust)
    Valid From 	Wed, 11 Jan 2012
    Valid Until 	Mon, 12 Jan 2037
    Serial Number 	57
    
  • pc3 (155.98.34.104):
    Issued To 	CN=ILOUSE211XXJS.utah.geniracks.net, OU=ISS, O=Hewlett-Packard Company, L=Houston, ST=Texas, C=US
    Issued By 	C=US, ST=TX, L=Houston, O=Hewlett-Packard Company, OU=ISS, CN=iLO3 Default Issuer (Do not trust)
    Valid From 	Wed, 11 Jan 2012
    Valid Until 	Mon, 12 Jan 2037
    Serial Number 	57
    

So those serial numbers are indeed identical. I have verified that the other three iLOs have unique serial numbers (pc2=55, pc4=53, pc5=54), and do not experience this problem.

Change History (1)

comment:1 Changed 8 years ago by chaos@bbn.com

Resolution: wontfix
Status: newclosed

Leigh reports that they are not planning to fix this.

Note: See TracTickets for help on using tickets.