HPE OneView

Connect-OVMgmt : Unable to connect to appliance. The certificate is not trusted....

 
SOLVED
Go to solution
Ruster007
Advisor

Connect-OVMgmt : Unable to connect to appliance. The certificate is not trusted....

Hi guys

Just attempted logging in today via powershell module version 5.30. Receieved the following error:

Connect-OVMgmt : Unable to connect to x.y.z appliance. The certificate is not trusted due to these
X509CertChain flags: PartialChain
Please refer to https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509chainst
atusflags?view=netframework-4.6 for more information.
At line:1 char:1
+ Connect-OVMgmt
+ ~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (Hostname:String) [Connect-OVMgmt], ApplianceTransportException
+ FullyQualifiedErrorId : HostnameAndCertDoNotMatch,Connect-OVMgmt

I used be be able to connect (last week) - any ideas?

Windows updates is hunch perhaps...

Cheers

Steve

3 REPLIES 3
ChrisLynch
HPE Pro

Re: Connect-OVMgmt : Unable to connect to appliance. The certificate is not trusted....

The partial chain message means the PC doesn't trust the issuer, or the cert chain of issuing subordinates to the root CA. Did you change the cert on the appliance to a CA signed cert?

I am an HPE employee

Accept or Kudo

Ruster007
Advisor

Re: Connect-OVMgmt : Unable to connect to appliance. The certificate is not trusted....

Not that I'm aware of.

I've just connected successfully from a Windows server OS  - (that has not recently had a feature update applied). 

So I'm only getting this issue from my 2 Win 10 machines that have recently recived the version 2004 update . - Perhaps I need to find a machine that hasn't been patched to confirm. 

Cheers

 

ChrisLynch
HPE Pro
Solution

Re: Connect-OVMgmt : Unable to connect to appliance. The certificate is not trusted....

I don't think it was caused by the 2004 update.  My dev PC is 2004, and I cannot reproduce the issue you reported.  Besides, there have been no changes to PowerShell 5.1.  All PowerShell development from Microsoft has been with Core editions.  One thing you can do is use the Get-OVCommandTrace Cmdlet to view extended verbose output, that would include the .Net Class library used to validate certificates and their chain.  That might give you a clue about what is going on further.  You could also use OpenSsl to dump the cert using the s_client connect command.


I am an HPE employee

Accept or Kudo