IBM Support

IMM2 V1.65 Browser access defaults to HTTPS - System x servers

Troubleshooting


Problem

After Integrated Management Module II (IMM2) firmware is updated from version 1.50 Build ID: 1AOO30W or previous to version 1.65 Build ID: 1AOO32O or later, access using a web browser specifies using secure Hypertext Transfer Protocol over Secure SocketLayer (HTTPS) and requires users to import a security certificate.

Resolving The Problem

Source

RETAIN tip: H21714

Symptom

After Integrated Management Module II (IMM2) firmware is updated from version 1.50 Build ID: 1AOO30W or previous to version 1.65 Build ID: 1AOO32O or later, access using a web browser specifies using secure Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) and requires users to import a security certificate.

Affected configurations

The system may be any of the following IBM servers:

  • System x3500 M4, type 7383, any model
  • System x3550 M4, type 5459, any model
  • System x3550 M4, type 7914, any model
  • System x3650 M4, type 7915, any model

This tip is not software specific.

This tip is not option specific.

The following system firmware level(s) are affected: IMM2 firmware v1.65 Build ID: 1AOO32O and later

The system has the symptom described above.

Workaround

To work around this issue, employ one (1) of the two (2) following methods:

Import a default self-signed certificate into the browser. (Check browser documentation for procedure.) To disable the IMM2 HTTPS feature using the Command Line Interface (CLI):

  1. Connect to IMM2 by telnet.
  2. Enter "username" and "password" as prompted.
  3. Enter the 'SSL' command. The return value should show as '-server e on' meaning the HTTPS feature is enabled.
  4. Enter the 'SSL -se off' command.
  5. The result of the 'SSL' command now should show as '-server e off' meaning the feature is disabled. If users need to re-enable the HTTPS feature, use the 'SSL -se on' command in the sequence described previously.
  6. Exit the telnet connection.
  7. Connect to IMM2 with a browser using Hypertext Transfer Protocol (HTTP) without SSL.

Disable the HTTPS feature of IMM2 and use HTTP. To disable the IMM2 HTTPS feature using a web browser:

Note: This may expose security risks.

  1. Connect to IMM2 with a supported web browser and log in.
  2. Click Integrated Management Module (IMM) Management from the top menu.
  3. Select Security from its drop-down list.
  4. The IMM Security Settings page will be displayed that includes the HTTPS Server tab.
  5. Locate the 'Enable HTTPS server' setting and click the check box to remove check mark.
  6. Click Apply.
  7. This will prompt that service to restart, so click OK and wait a few minutes for the restart to access by the HTTP protocol.

Additional information

The IMM2 HTTPS feature was enabled by default in version 1.50 Build ID: 1AOO30W, however a certificate was not set to be generated automatically. As a result, accessing IMM2 by a web browser used HTTP without SSL until a certificate was assigned.

The IMM2 web browser login screen displays a message such as the following:

Note: Although the IMM2 is configured for HTTPS, a usable certificate is not present. The IMM2 will operate in HTTP mode until a valid certificate has been installed.

For versions after 1.65 Build ID: 1AOO32O, in addition to HTTPS being enabled, a self-signed certificate is generated automatically. Therefore, initial access through a web browser will use HTTPS.

For greater security, it is recommended to change the certificate to one signed by Certificate Authority (CA).

IMM2 can be accessed using a web browser either by importing the default self-signed certificate, or disabling HTTPS mode.

Note: Disabling HTTPS may cause a security risk for data transferred over the network.

For more details of IMM2 usage, see Document ID MIGR-5086346, "IBM IMM2 User's Guide," that can be downloaded at the following URL:

 

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5086346

Document Location

Worldwide

Operating System

System x:Operating system independent / None

Lenovo x86 servers:Operating system independent / None

[{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"QU01DEW","label":"System x->System x3500 M4->7383"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"QU01DKP","label":"System x->System x3650 M4->7915"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"QU01FYU","label":"System x->System x3550 M4->5459"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"QU91IPI","label":"System x->System x3550 M4->7914"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"QUOFNIG","label":"Lenovo x86 servers->Lenovo System x3550 M4->7914"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"QUOFNII","label":"Lenovo x86 servers->Lenovo System x3500 M4->7383"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"QUOFNIO","label":"Lenovo x86 servers->Lenovo System x3650 M4->7915"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
30 January 2019

UID

ibm1MIGR-5093597

Page Feedback