Skip to main content
NetApp Knowledge Base

Why does OnCommand Insight / OnCommand Data Warehouse display banner: 'Security risk: default encryption keys detected'?

Views:
285
Visibility:
Public
Votes:
1
Category:
oncommand-insight
Specialty:
oci
Last Updated:

 

Applies to

  • OnCommand Insight 7.3.x ( OCI )
  • OnCommand Insight Data Warehouse 7.3.x  ( OCI DWH )

Answer

Data WareHouse Banner Message:

clipboard_efc2e9a9c6a7e8c15537bdfd473570b1c.png

The following statement is documented within the OnCommand Insight 7.3.5 Release Notes Page 17

Warning if using default security key pairs:
Insight detects if your configuration is using default encryption keys, and displays warning messages on the Server health page and the Data Warehouse health monitor, recommending that you change the encryption keys. The message is also displayed at the completion of an upgrade or installation. After the keys have been changed, the warning messages will no longer be displayed.

Per the DWH documentation for Managing DWH Security, you will need to use the Windows CLI with Run as Administrator to change encryption keys.

Perform the following steps to update Encryption keys in Data Warehouse (DWH):

  1. Login directly to or Remote Desktop (RDP) into DWH host operating system.
  2. Open the CLI with Run as Admin, and initiate the securityadmin tool as outlined in Documentation for your version of OnCommand Insight.
    • Note: Run the file with the -i option to leverage the interactive wizard.
  3. Select option 6 to check if the current encryption key is the default key or not.
  4. Select option 3 to re-create the encryption key.
  5. Select option 6 to verify current encryption key is not the default key.
  6. Restart the SANscreen Server service.
  7. Clear the browser cache and cookies from any browsers that were previously used to access DWH.
  8. Login to DWH and verify the red banner is gone.

Note: Avoid using any full URLs within the browser history from any previous WebUI sessions. If URLs from the browser history are used, the error Server Not Found is expected.