Topic: Avocent UMG: A Quick Guide - Self-Signed SSL Certificate for HTTPS

This quick guide, designed for the Avocent Universal Management Gateway (UMG) Series, describes how to generate a CSR and Private Key file to submit to a Certificate Authority (CA), and how to install a Certificate (.p12) on the Avocent UMG. It also describes how to install a Self-Signed Certificate to secure the HTTPS connection and validate it on the client-side PC, so that you can confirm the appliance presents the correct identity.

Figure 1: Replacing the Default UMG Root Certificate
Figure 2: Import Third Party Certificate: Issuer and Certificate

Equipment:
- Avocent Universal Management Gateway (UMG) Series with firmware version 2.0.x or higher installed
- Linux machine with OpenSSL 1.0.1e-fips (Feb 11, 2013), package 1.0.1e-30, installed (Source: http://www.openssl.org)
- Certificate Authority (CA) such as Microsoft Active Directory Certificate Services

Instruction:

Step 1: Generate a Certificate Signing Request (CSR) and Private Key file

Open an SSH connection to a Linux machine that has OpenSSL installed, using an account with root privilege. Run the following commands to generate two (2) files: the CSR and the Private Key file.

    [root@sun-redhat ~]# openssl
    OpenSSL> req -new -nodes -keyout private.key -out public.csr
    Generating a 1024 bit RSA private key
    .........++++++
    .........++++++
    writing new private key to 'private.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [GB]: US
    State or Province Name (full name) [Berkshire]: Florida
    Locality Name (eg, city) [Newbury]: Sunrise
    Organization Name (eg, company) [My Company Ltd]: Technical Operation Center
    Organizational Unit Name (eg, section) []: Emerson Network Power
    Common Name (eg, your name or your server's hostname) []: UMG-TSLab.asc.local
    Email Address []: TechSupport@Avocent.com
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []: ********
    An optional company name []: *********
    OpenSSL> exit

IMPORTANT NOTE: The Common Name in this example is an FQDN; please ensure the DNS Server is able to resolve it.

Notice that private.key and public.csr have been generated.

Step 2: Submit a Request to a Certificate Authority (CA)

2.1: Submit a Request

For this example, we are submitting to a Microsoft Active Directory Certificate Services Web Portal.

- Open the Certificate Request Web Portal with your browser. Note: Please contact your System Engineer/System Administrator for this information.
- Select Request a Certificate from the task list.
- Click Advanced Certificate Request.
- Click the hyperlink "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file."
- Open the public.csr file (obtained from Step 1) with a Text Editor and copy only the TEXT content.
- Paste the TEXT content into the Saved Request text field. Note: Make sure that there is no extra space/line at the end.
- Click the Submit button.

Note: Your certificate request has been received. However, you must wait for your System Administrator to issue the certificate you have requested.

2.2: Download an Approved Certificate

For this example, we are downloading from a Microsoft Active Directory Certificate Services Web Portal.

Figure 3: Download approved certificate

- At the homepage of the Microsoft Active Directory Certificate Services Web Portal, click View the Status of a pending certificate request.
- If the certificate has been issued, you will see the Saved-Request Certificate (Data-Month-Time) link, ready for downloading the certificate(s). Click it to download.
- For this example, we select DER encoded and download the .cer and .p7b files.
- Save certnew.cer and certnew.p7b on your local hard drive.

Note: This file contains Issued to, Issued by, Valid from/to, Public key, Thumbprint algorithm, and more.

Step 3: Convert the PKCS#7 (p7b) certificate to a PKCS#12 (p12) certificate for the Avocent UMG Appliance

    [root@sun-redhat ~]# openssl pkcs7 -in certnew.p7b -inform DER -out convertnewcert.pem -print_certs

or

    [root@sun-redhat ~]# openssl x509 -in certnew.cer -inform DER -out convertnewcert.pem

If you are using a Base64-encoded certificate:

    [root@sun-redhat ~]# openssl pkcs7 -in certnew_64.p7b -inform PEM -out convertnewcert.pem -print_certs

or

    [root@sun-redhat ~]# openssl x509 -in certnew_64.cer -inform PEM -out convertnewcert.pem

Then use the PEM certificate and the private key to create a NEW PKCS #12 certificate:

    [root@sun-redhat ~]# openssl pkcs12 -export -inkey private.key -in convertnewcert.pem -out newcert4UMG.pkcs12
    Enter Export Password: ********
    Verifying - Enter Export Password: ********

Step 4: Install/Import the Certificate on the Avocent Universal Management Gateway (UMG)

To import a third-party certificate to the Avocent UMG:

- From the side navigation bar, click Security.
- Under Third Party Certificate Import, enter and confirm the Certificate and key passphrase.
- Click Import.
- Browse to the certificate (.pkcs12) file location and click Open.
- Click OK to confirm the correct format.

Figure 4: Import Certificate supports only PKCS12 Format.

- Click Apply.
- Once the Certificate Import Success message appears, click OK and reboot the UMG appliance.

Figure 5: Third Party Certificate Import Success

Step 5: Install/Import the Certificate on the client PC (for the first time) using the Internet Explorer (IE) Browser

- Log in to the Avocent UMG with the FQDN that was used when creating the CSR.
- Click the Certificate Error Warning icon to install a new certificate (Figure 6).
- Click Install Certificate and place it in Trusted Root Certification Authorities (Figure 7).
- Accept/Confirm the Security Warning dialog (Figure 8).
- Close all browsers and re-open with the FQDN address. Note that the Certificate Error Warning is now displayed as a Secured Lock icon (Figure 9).
- Click the Secured Lock icon to review the Certificate Information (Figure 10).

Figure 6: First-time, View and Install Certificate
Figure 7: Install in Trusted Root Certification Authorities
Figure 8: Validation for IE
Figure 9: Validation: Certificate Status, both Issuer and Certificate are valid.
Figure 10: Secured Connection

I hope it helps to configure a Self-Signed SSL Certificate for Avocent UMG HTTPS Connection.

Charkkrit Wattananusit
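A non-interactive variant of Steps 1 and 3, added here as an example and not part of the original guide: it requests a 2048-bit RSA key explicitly (the transcript above shows a 1024-bit key being generated) and checks that the certificate matches the private key before building the PKCS#12 file. The self-signed certificate stands in for the CA-issued one from Step 2, and the scratch directory, function names and export passphrase are constructed for the example.

```shell
# Added example; scratch directory, function names and passphrase are constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # remove the unencrypted private key on exit
SUBJ="/C=US/ST=Florida/L=Sunrise/O=Technical Operation Center/CN=UMG-TSLab.asc.local"

# Step 1 without prompts: request a 2048-bit RSA key explicitly instead of
# relying on the default size configured in openssl.cnf.
make_csr() {
    openssl req -new -nodes -newkey rsa:2048 -subj "$SUBJ" \
        -keyout "$WORK/private.key" -out "$WORK/public.csr" 2>/dev/null
}

# Stand-in for Step 2 (assumption): self-sign the CSR so the example runs
# offline. In the guide this certificate comes back from the CA.
issue_cert() {
    openssl x509 -req -in "$WORK/public.csr" -signkey "$WORK/private.key" \
        -days 30 -sha256 -out "$WORK/convertnewcert.pem" 2>/dev/null
}

# Public key length in bits, as recorded in the certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Key and certificate must carry the same RSA modulus; otherwise the
# PKCS#12 file would pair the key with a certificate issued for another key.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Step 3: bundle key and certificate; $1 is the export passphrase.
make_p12() {
    openssl pkcs12 -export -inkey "$WORK/private.key" \
        -in "$WORK/convertnewcert.pem" -out "$WORK/newcert4UMG.pkcs12" \
        -passout "pass:$1"
}

# Re-open the bundle with the passphrase to confirm it is readable.
p12_opens() {
    openssl pkcs12 -in "$WORK/newcert4UMG.pkcs12" -passin "pass:$1" -noout 2>/dev/null
}

make_csr && issue_cert
BITS=$(cert_key_bits "$WORK/convertnewcert.pem")
if [ "${BITS:-0}" -ge 2048 ] &&
   key_matches_cert "$WORK/private.key" "$WORK/convertnewcert.pem"; then
    make_p12 'constructed-passphrase' && echo "PKCS#12 ready, $BITS-bit key"
else
    echo "not building PKCS#12: weak or mismatched key" >&2
fi
```

On a shared host, let openssl prompt for the export passphrase as the guide does, because a `pass:` argument is visible in the process list.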
↧
Wiki Page: Universal Management Gateway: A Quick Guide - Self-Signed SSL Certificate for HTTPS
↧
Forum Post: 3016 KVM "java not detected" with firefox 48 - works with IE
After upgrade to java 1.8.0_101 and Firefox 48.0, I cannot access my avocent 3016. I get the error: Java Not Detected The Video Viewer requires Java™ Webstart to run. To launch the Video Viewer, install Java™ 1.6 or higher. To bring up the Java installation Web site now, click here: http://www.java.com Please see the Troubleshooting section of the Help File for any Java related issues. I downgraded java to 1.8.0_60 and it still didn't work with firefox. It works with IE and both the old and new javas. I am running the latest firmware available for download -1.1.1.10 I have the KVM switch listed in the security exceptions tab of the java control panel, both as HTTP and HTTPS. Most interestingly, we also have a Dell 2162DS, which was of course made by avocent. With that switch, I get a similar error, telling me that java isn't installed. However, it goes ahead and gives me the JNLP file, and I am able to connect to the switch. So I think the problem is in the Java detection code, not in running the applet.
↧
Forum Post: High Severity Vulnerability on port (3871/tcp) 'avocent-adsap?' / Dsview4.5 SP5 / SSL Certificate Chain Contains RSA Keys Less Than 2048 bits
Hello, I have a high severity vulnerability detected on port (3871/tcp) 'avocent-adsap' by a Nessus scanner on my Dsview4.5 SP5 server.

SSL Certificate Chain Contains RSA Keys Less Than 2048 bits

Synopsis : The X.509 certificate chain used by this service contains certificates with RSA keys shorter than 2048 bits.

Description : At least one of the X.509 certificates sent by the remote host has a key that is shorter than 2048 bits. According to industry standards set by the Certification Authority/Browser (CA/B) Forum, certificates issued after January 1, 2014 must be at least 2048 bits. Some browser SSL implementations may reject keys less than 2048 bits after January 1, 2014. Additionally, some SSL certificate vendors may revoke certificates less than 2048 bits before January 1, 2014. Note that Nessus will not flag root certificates with RSA keys less than 2048 bits if they were issued prior to December 31, 2010, as the standard considers them exempt.

See also : https://www.cabforum.org/Baseline_Requirements_V1.pdf

Solution : Replace the certificate in the chain with the RSA key less than 2048 bits in length with a longer key, and reissue any certificates signed by the old certificate.

Plugin Output : The following certificates were part of the certificate chain sent by the remote host, but contain RSA keys that are considered to be weak :
|-Subject : CN=DSView System Certificate
|-RSA Key Length : 1024 bits

Nessus Plugin ID : 69551
VulnDB ID: 342926

How can I replace this certificate with a new certificate but with a longer RSA key?
↧
DSView4 support browser in Avocent Support
↧
I have this device: www.emersonnetworkpower.com/.../AvocentLCDConsoleTraywithKVM.aspx I have a problem with this device: 1. If the keyboard is active on the console it's not a problem; when I switch to Hardware on active, only my keyboard cannot be used / does not function. Why? 2. How do I reset this device to factory settings? Need help, ASAP in Avocent Support
↧
2sv120bnd1 in Avocent Support
↧
Forum Post: Trellis: new release
Hello, does anyone know when Trellis 4.0.2 will be released? In 4.0.1 we have a lot of problems with the GUI interface. Thanks and regards Matteo
↧
Forum Post: Trellis: unexpected logout from the GUI
Hello, We're experiencing unexpected logouts from the GUI during normal operation (data insert or search operations... it is not a session timeout). We got the same behavior from different clients and different browsers; after the logout the user has to log in again as a new session. Thanks Matteo
↧
Forum Post: SV200 series KVM and Logitech Unifying Receiver Devices
I'm trying to use a Logitech K350 keyboard and M510 mouse with my Emerson Avocent SV220 DVI KVM switch. These peripherals both use a single "Unifying" receiver, which is a small USB dongle that plugs in to a USB port, just like any other USB device. Both of these peripherals operate properly when connected directly to my targets (Dell Inspiron laptop - Target 1, and Macbook Pro - Target 2).

However, when I plug the receiver into either the console keyboard or mouse USB port on the switch, the switch begins switching spontaneously between Target 1 and Target 2, repeatedly, landing on Target 1 for about 2 seconds, and then Target 2 for less than a second. This continues until I unplug the receiver. While this is happening, no video is sent to the monitor, and neither peripheral seems to work.

What I have tried so far:
- Power cycling the SV220, with Targets powered on, and off.
- Rebooting both Targets with SV220 powered on
- Removing and reconnecting all USB, DVI and power connections to SV220 and power cycling SV220 and Targets.

Is there some hotkey sequence or initialization sequence I should be following, or are these devices just incompatible with the SV220? The latter would be extremely disappointing, as both peripherals are popular and inexpensive devices. I have a very old Logitech USB cordless trackball that has no such problem.
↧
DSVIEW 3 in Avocent Support
↧
This page can’t be displayed Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://localhost again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator. in Avocent Support
↧
DSView system from 4.5.0.181 to 4.5.0.247 in Avocent Support
↧
The DSView website can't be displayed any more after the upgrade from 4.5.0.181 to 4.5.0.247. Tried multiple browsers and all failed. Here is the error message for IE: "This page can’t be displayed Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://localhost again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator." in Avocent Support
↧
Wiki Page: Front Ending a HMX1000/2000 receiver with a SV200/300 series switch
Procedure to allow the mouse to work with HMX1000/2000 receivers that are front ended with an SV200/300 series switch. Early versions of the SwitchView 200/300 series do not let the mouse work.

Requirements:
- SwitchView version: Ends in 0416 or higher
- HMX 1070 or 2050 version: 6.30.0.12 or higher
- Windows PC
- Video Monitor
- Keyboard and Mouse (USB)
- Disable virtual media on the HMX receiver through the serial port. Note: Virtual media is disabled by default

Steps to configure the SwitchView to work with HMX 1000/2000 receivers:
1. Connect a Video Monitor, Keyboard and Mouse to the SwitchView
2. Connect a PC running Windows 7 or higher to the SwitchView as a target (any port)
3. Connect to the Windows target through the SwitchView
4. From the Windows target, open the Notepad application
5. Click in the Notepad application
6. Enter terminal mode by pressing Left Ctrl + Right Ctrl + t
7. You will see a menu appear. Select the option to exit terminal mode
8. After you exit, while still in Notepad, press Left Ctrl + Right Ctrl + B
9. The SwitchView is now ready to front end an HMX 1000/2000 Receiver
↧
File: SVKM140 3D Model
↧
Have a Dell DMPU4032 but can't find the latest firmware Have downloaded the file FL0652-AVODELL-1.20.0.0.4039.fl from www.emersonnetworkpower.com/.../Avocent-Switches-for-Dell.aspx but when uploading I get the error "The provided file was not the correct file type" verified the file with the included MD5. in Avocent Support
↧
Forum Post: PM3000 series not upgrading through RPM
Hi, I have a customer who's using RPM, the latest version. PM3000s were successfully detected by the RPM. Power switching seems to work, but updating always gives an error message. The environment is highly secure so the only open TCP ports are: 22, 3211 (tcp & udp), 2068, 8192, 3871 & 3502. I tried here in my lab and I can get it to work just fine. What else could it be? How can I check? If the PDU is detected correctly, are there any versions I can not directly upgrade to 2.1.0.23? Thanks! Jeremy
↧
Forum Post: Replication has stopped - Security Certificates don't match
Hi, Has anyone experienced issues with HUB and Spoke replication stopping because Security Certificates don't match? How do I go about fixing the issue? We cannot pinpoint when replication stopped working or if it ever worked after certificates were updated in January. Thanks
↧
Forum Post: I want to disable SSL V3 from the ACS6000, please help me.
I want to disable SSL V3 from the ACS6000, please help me. SSL 3.0 is an obsolete and insecure protocol. Encryption in SSL 3.0 uses either the RC4 stream cipher, or a block cipher in CBC mode. RC4 is known to have biases, and the block cipher in CBC mode is vulnerable to the POODLE attack. The SSLv3 protocol is insecure due to the POODLE attack and the weakness of RC4 cipher. Note: In April 2015, PCI released PCI DSS v3.1 announcing that NIST no longer considers Secure Socket Layers (SSL) v3.0 protocol as acceptable for protecting data and that all versions of SSL versions do not meet the PCI definition of "strong cryptography." An attacker can exploit this vulnerability to read secure communications or maliciously modify messages. Disable the SSL 3.0 protocol in the client and in the server
↧