New 2048 Cert for OA

Touchngoes · ‎03-23-2022

We have several C7000 chassis that are in FIPS mode and the self-signed certificates for the Onboard Administrators have expired. https://support.hpe.com/hpesc/public/docDisplay?docId=c03659074&docLocale=en_US expains how to generate a 2048 bit-key and that it does not require the reset of the OA to factory defaults when you use the the "GENERATE KEY" option in CLI. What the acrticle does not address is will this effect the Virtaul Connect Mode?

OA = 4.96, VC = 4.45

Jeff

ManBha · ‎03-27-2022

Hello,

Please do refer the below document.

When the Onboard Administrator is operating in FIPS Mode ON, certificates must have a minimum RSA key length of 2048bits, and the signature hash algorithm must be SHA1, SHA-224, SHA-256, SHA-384, or SHA-512. In FIPS Top-Secret Mode -certificates must have a minimum RSA key length of 3072 bits or ECDSA 384 bits, and the signature hash algorithm must beSHA-384.

It will not affect the communication with VC module.

Thanks.

I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

Accept or Kudo

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

New 2048 Cert for OA

New 2048 Cert for OA

Re: New 2048 Cert for OA