HPE OneView

CA certificate with alias name ...... is expired


CA certificate with alias name ...... is expired

Hello guys

HPE OneView Frimware = 5.30.00-0421400

Powershell module = 5.30

When I navigate to Oneview > Dashboard > Appliance Alerts, I have a critical alert listed. Screen captures below:



The suggested resolution = "Delete the expired certificate from the appliance, regenerate a new certificate and add the new certificate to the appliance with the same alias name."

You'll notice in the screenshot that the alert is locked.

Two questions:

1. How do I go about addressing this issue? 

2. It says cert type = Root CA. What is this cert for? Where did it come from? Was it baked into the OneView appliance when we first installed it. It also says - Issued to e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
Issued by e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi. 

Very strange and unusual - any help from the community would be greatly appreciated!





Re: CA certificate with alias name ...... is expired

That certificate is not one of the provided, built-in root CA's we ship.  There are only two, and they are Digicert CA's.  This must have been added from an iLO, or some other device that had a signed CA from this expired root CA.  You can do what the resolution statement says; to remove it from the appliance.  You do this from Settings -> Manage Certificates from the Security panel.  From there, change the State to Expired, and click the Update button.  From there, click the X icon to the right of the expired cert.

Or, you can use the following PowerShell Cmdlet to get it, and then remove it:

# Get the CA authority certs, looking for expired certs
Get-OVApplianceTrustedCertificate -CertificateAuthoritiesOnly | ? { $_.Certificate.NotAfter -le ([DateTime]::Now) }

# Remove them
Get-OVApplianceTrustedCertificate -CertificateAuthoritiesOnly | ? { $_.Certificate.NotAfter -le ([DateTime]::Now) } | Remove-OVApplianceTrustedCertificate 

I am an HPE employee

Accept or Kudo


Re: CA certificate with alias name ...... is expired

Thanks Chris - Befor I go ahead and delete that cert, is there a way of finding out which iLO or other device is associated with that cert?