HPE Community
HPE OneView
1753461 Members
4833 Online
108794 Solutions
New Discussion

Re: CA certificate with alias name ...... is expired

 
Ruster007
Advisor

‎08-05-2020 03:05 PM

‎08-05-2020 03:05 PM

CA certificate with alias name ...... is expired

Hello guys

HPE OneView Frimware = 5.30.00-0421400

Powershell module = 5.30

When I navigate to Oneview > Dashboard > Appliance Alerts, I have a critical alert listed. Screen captures below:

Cert1.JPGCert2.JPG

 

The suggested resolution = "Delete the expired certificate from the appliance, regenerate a new certificate and add the new certificate to the appliance with the same alias name."

You'll notice in the screenshot that the alert is locked.

Two questions:

1. How do I go about addressing this issue? 

2. It says cert type = Root CA. What is this cert for? Where did it come from? Was it baked into the OneView appliance when we first installed it. It also says - Issued to e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
Issued by e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi. 

Very strange and unusual - any help from the community would be greatly appreciated!

Thanks

 

 

2 people had this problem.
0 Kudos
Reply
5 REPLIES 5
ChrisLynch
HPE Pro

‎08-05-2020 08:42 PM

‎08-05-2020 08:42 PM

Re: CA certificate with alias name ...... is expired

That certificate is not one of the provided, built-in root CA's we ship.  There are only two, and they are Digicert CA's.  This must have been added from an iLO, or some other device that had a signed CA from this expired root CA.  You can do what the resolution statement says; to remove it from the appliance.  You do this from Settings -> Manage Certificates from the Security panel.  From there, change the State to Expired, and click the Update button.  From there, click the X icon to the right of the expired cert.

Or, you can use the following PowerShell Cmdlet to get it, and then remove it:

# Get the CA authority certs, looking for expired certs
Get-OVApplianceTrustedCertificate -CertificateAuthoritiesOnly | ? { $_.Certificate.NotAfter -le ([DateTime]::Now) }

# Remove them
Get-OVApplianceTrustedCertificate -CertificateAuthoritiesOnly | ? { $_.Certificate.NotAfter -le ([DateTime]::Now) } | Remove-OVApplianceTrustedCertificate

I am an HPE employee

Accept or Kudo

Reply
Ruster007
Advisor

‎08-10-2020 02:19 PM

‎08-10-2020 02:19 PM

Re: CA certificate with alias name ...... is expired

Thanks Chris - Befor I go ahead and delete that cert, is there a way of finding out which iLO or other device is associated with that cert?

Thanks

 

0 Kudos
Reply
MarioE
Valued Contributor

‎01-10-2023 10:53 PM - edited ‎01-10-2023 10:55 PM

‎01-10-2023 10:53 PM - edited ‎01-10-2023 10:55 PM

Re: CA certificate with alias name ...... is expired

 
0 Kudos
Reply
Adarshop
Senior Member

‎02-25-2023 11:25 PM

‎02-25-2023 11:25 PM

Re: CA certificate with alias name ...... is expired

Hi Team,

 I have facing this same issue in our infra also, Could you please share the steps how to generate the new certificate

0 Kudos
Reply
Sunitha_Mod
Moderator

‎02-27-2023 08:17 PM

‎02-27-2023 08:17 PM

Re: CA certificate with alias name ...... is expired

Hello @Adarshop,

Thank you for writing to us! 

Since you have posted in an old topic and there is no response yet, I would recommend you to create a new topic using the create "New Discussion" button, so the experts can check and assist you further. 

Thanks,
Sunitha G
I'm an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.