How to upgrade Open SSL and disable SSLv3 on your On Premise Monitoring Station

Document ID : KB000030474
Last Modified Date : 14/02/2018
Show Technical Document Details

This article will explain how to update Open SSL and disable SSLv3 on your On Premise Monitoring Station.

 

To upgrade Open SSL and disable SSLv3 for OPMS, please do the following:

1. If /etc/apt/sources.list does not exist, please create this file with the following entries (otherwise just add them).... 

deb http://httpredir.debian.org/debian squeeze main contrib non-free 

deb-src http://httpredir.debian.org/debian/ squeeze-lts main contrib non-free 

deb http://httpredir.debian.org/debian squeeze-lts main contrib non-free 

deb-src http://httpredir.debian.org/debian squeeze-lts main contrib non-free 

deb http://security.debian.org/ wheezy/updates main contrib non-free

 

2. If /etc/apt/apt.conf does not exist, please create this file with the following entry (otherwise comment out the existing entry and replace).... 

APT::Default-Release "squeeze-lts"; 

 

3. Run the command: 

apt-get install debian-archive-keyring 

 

4. To update all Debian packages on the OS, run the commands: 

apt-get update 

apt-get upgrade 

 

5. Check the Open SSL version with 

dpkg -l openssl 

Output should show version 0.9.8o-4squeeze20. If an earlier release is displayed, such as 0.9.8o-4squeeze14, please run the following command….

apt-get install openssl=0.9.8o-4squeeze20 

Note that the character after 0.9.8 is the letter o. 

 

6. Navigate to /etc/nginx/sites-available/ 

 

7. Add the following line to the SSL configuration of watchmouse-cp 

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 

 

For example:

#SSL configuration               

        ssl_certificate      /etc/ssl/certs/wmcpkeys/wmcp_combined.crt;

        ssl_certificate_key  /etc/ssl/certs/wmcpkeys/wmcp.key;

        ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;   

 

8. Restart the OS.