Dell Iso Certificate

0 views
Skip to first unread message

Custodio Groves

unread,
Aug 5, 2024, 12:48:51 AM8/5/24
to atkaldeca
Hereis some (obfuscated) crypto output from the switch, after I had completed the above commands. We do have RSA and DSA keys, and a certificate. We had this stuff before I regenerated it. I'm not enough of an expert on the math behind the crypto stuff to understand why what I have here does not work. Is it because it is self-signed or self-generated?

Being a self signed cert the browser will throw up a warning message, but you should be presented with an option to accept the self sign cert. Are there any additional options if you select the drop down for more information?


No, there is no option to continue with the unsigned certificate. Consider the difference between the "Page info" from Firefox about both an X1008P switch, and the N1548P.



The X1008P works fine, despite that the certificate is signed by the chipset manufacturer (Marvell), meaning it is self-signed. We can make an exception for this in Firefox (and in Edge, and in IE).






The N1548P doesn't even seem to be sending my browser a certificate, though as we can see above I believe I have generated a certificate. It entirely rejects connecting via https and there is no option to make an exception, I presume because there is no encryption, or the cypher it is trying to communicate with is not acceptable. I am not sure how to test this.










I can bypass the error in Chrome, and that's a valid workaround despite my ideological preference for Firefox. I acknowledge that I may have done something very wrong in terms of how I have provisioned my switches, but it is also possible that something about the certificate generation in the N1500 products I have is badly broken. I am certainly not a crypto expert, but the nmap output seems to indicate the latter. So I am kind of thinking the best solution, would be to fix the switch firmware so it is secure.


This link is an interactive guide that will tell you how to download/install OpenSSL, and then you can select .pfx as your current format and it will instruct you how to convert it to a .pem file, extract the private key, along with all of the other steps needed to get your CA certificate working. I have used this for several CA Questions and found it very helpful.


I suspect that there is a bug, and SVCTAG should have been the Dell Service Tag; that way the subjects would be different at least, and you had at least a little clue where you are connecting to.At least, even when the certificates' subjects are identical, the keys are not.


Currently I cannot tell what firmware version created those certificates, but they were created back in May 2018, so I guess it was the firmware either current at that date, or the firmware that was shipped with the server.


Yes it's a bug. I just checked on an R440, R7625, FC630, FC640, FX2 CMC, and an R6515. Everything 13G or 16G is just fine and correctly displays the service tag but everything 14G and 15G is effected including on the latest iDRAC version. I just put in a ticket for it and got it escalated to engineering. I'll write back here with updates.


That link seems to be a little hazy. All of the informational material is for the EMR training. After hunting around, I found this site, which should allow one to navigate to the training: Learn Dell .


None of these links work is there another one that can be used? My husband works now for a tech company as a certified dell repair person but wants to become an authorized person himself how does he do that?


SSL certificates are commonly used when browsing the internet. Even corporate intranet pages are usually protected with an encrypted SSL connection. The two major security improvements when using SSL certificates are:


When Dell PowerStore is installed, it internally generates a self-signed certificate to allow data encryption between browser and PowerStore. Because the signed certificate is not trusted by the browser, a warning indicates that the page is not trusted. To mitigate the warning, PowerStoreOS allows the administrator to change the out-of-the box self-signed certificate with a trusted SSL certificate, ideally signed by a trusted certification authority (CA).


Besides the major commercial and public CAs, some companies run their own company-wide certificate authority. A private CA is usually part of a Private Key Infrastructure (PKI) and can provide certificates for different purposes. To allow the browser to validate certificates, the certificate of the private CA needs to be installed as a trusted Certificate Authority in the browser.


When a certificate or data is signed or encrypted with a private key, the public shared key can be used to decrypt the information. Fingerprints within the certificate file help verify whether the shared key and decrypted information can be trusted.


The certificate sign request is generated with information from the key file and contains the information for a CA to issue a certificate file. Included information for a CSR generated with PowerStore:


This could be either a single certificate or a certificate chain. A certificate chain is a set of concatenated certificates that allows clients to validate a certificate down to a trusted (CA) certificate. There are different file formats possible:


This is the public certificate of the issuer CA of a certificate. A PowerStore does not know anything of the issuer and needs the CA certificate to build the whole chain of trust for the certificate. Sometimes the file includes the whole certificate chain that consists of concatenated PEM certificates


LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.


The certificate issue with Dell is different, however; different enough that I felt the urge to write why this is a significant event and how it demonstrates one of the main problems behind information security where we think throwing a key here and some encryption there somehow makes everything more secure. The cold truth is that it does not, and the Dell certificate issue is a textbook example for it.


Other operating systems, such as Linux, or software languages such as Java, ship with similar lists of trusted authorities worldwide, to which you can later add new ones. Notice that there are only a few Trusted Root Certification Authorities worldwide, and getting on to that list is no small feat.


Quite frankly, a good portion of the people I know, who are otherwise quite computer savvy, are not sure why certificates are used and which ones you should trust. Again, most people do not know that you can actually click on a secured (https) URL on your browser panel to see the certificate associated with the server and read its contents, which looks like this:


Or yet better, simply remove the certificate from your operating system, so you will stop trusting it. Dell has provided instructions how to manually do it, and also released an application that removes it for you:


On a positive note, this vulnerability raised awareness on what certificates are and how the chain of trust works in a real world scenario, which is always a good thing. More importantly, it demonstrated that information security requires a good understanding of the big picture, and is a lot more than throwing SSL keys wherever we can. How you secure information is as important as (if not more important) than what you use to secure it.


Close Topics Topics Cybersecurity Best Practices Cyber Threats and Advisories Critical Infrastructure Security and Resilience Election Security Emergency Communications Industrial Control Systems Information and Communications Technology Supply Chain Security Partnerships and Collaboration Physical Security Risk Management How can we help? GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities Spotlight Resources & Tools Resources & Tools All Resources & Tools Services Programs Resources Training Groups News & Events News & Events News Events Cybersecurity Alerts & Advisories Directives Request a CISA Speaker Congressional Testimony CISA Conferences CISA Live! Careers Careers Benefits & Perks HireVue Applicant Reasonable Accommodations Process Hiring Resume & Application Tips Students & Recent Graduates Veteran and Military Spouses Work @ CISA About About Culture Divisions & Offices Regions Leadership Doing Business with CISA Site Links Reporting Employee and Contractor Misconduct CISA GitHub CISA Central 2023 Year In Review Contact Us Free Cyber Services#protect2024Secure Our WorldShields UpReport A Cyber Issue


Dell personal computers using the preinstalled certificate authority (CA) root certificate (eDellRoot) contain a critical vulnerability. Exploitation of the vulnerability could allow a remote attacker to read encrypted web browser traffic (HTTPS), impersonate (spoof) any website, or perform other attacks on the affected system.


Dell Medical School The University of Texas at Austin acknowledges achievements through certificates, which are awarded for course activities that Dell Medical School The University of Texas at Austin students complete.


Certification is an amazing pathway to getting a high paying career in some of the best jobs in the world without spending thousands of dollars attending a four-year college. The process is pretty simple actually. Candidates select a certificate they want such as CCNA. They train for it, pay a fee to take an exam, meet a list of requirements, and voila! They are certified in a specific field. There are literally hundreds of certifications in almost any subject involving high-level skills. From networking with Cisco to running a cloud server with Amazon AWS, certifications exist at every level of the industry.

3a8082e126
Reply all
Reply to author
Forward
0 new messages