none
Is the 'Microsoft HPC Linux Communication' certificate needed in a Windows only environment? RRS feed

  • Question

  • Our security scanner flags the Microsoft HPC Linux Communication certificate on our head node because it has a SHA1 encryption. Our environment is windows only and I'm wondering if this cert is even in use. Is there a way to see if the Linux certificate is being used in the HPC cluster?

    Thanks

    Wednesday, September 4, 2019 5:53 PM

All replies

  • Hi Robert,

    This self-signed certificate is used for Linux compute node communication in HPC Pack 2012 R2. It is only used when you setup Linux compute nodes with it as described in this doc. You may safely remove it for Windows only cluster.

    Regards,

    Yutong Sun

    Friday, September 6, 2019 4:04 PM
    Moderator
  • I tried deleting the certificate, but it shows back up in the Certificate store in about 3 minutes. Is there a way to stop the certificate from regenerating after a deletion? 

    Thanks

    Monday, September 16, 2019 3:43 PM
  • Hi Robert,

    The certificate is auto-generated for HPC Linux communication. It is stored in HPC Management database, if you remove it from the head node, it will be restored. But you can generate a new self-signed certificate which satisfies your company's security requirement, export it as a PFX format file, and use the following PowerShell command to replace this certificate.

    Add-PsSnapin Microsoft.Hpc

    $secpassword = Read-Host "Enter the PFX protection Password" -AsSecureString

    Set-HpcLinuxCertificate -FilePath <pfxfilepath> -Password $secpassword

    Tuesday, September 17, 2019 6:58 AM