Community
HPE OneView

Expired Certificate Revocation Lists (CRL's)

 
ServerParrott
Advisor

‎06-06-2018 04:56 AM

‎06-06-2018 04:56 AM

Expired Certificate Revocation Lists (CRL's)

Oneview (4.00.09) is reporting that my in date CRL's are expired.

Yet more certificate woes with OneView or is there an easy fix for this?

(Also, any update on admins being able to clear locked alerts? Was hoping this would have been addressed in the .09 release.)

 

 

0 Kudos
Reply
6 REPLIES 6
ChrisLynch
HPE Pro

‎06-09-2018 10:26 AM

‎06-09-2018 10:26 AM

Re: Expired Certificate Revocation Lists (CRL's)

The 4.00.09 patch only addressed certain certificate expiration alerts.  CRL management today needs to be performed via the UI, or you can automate it with the API.


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
Lionel_Jullien
HPE Pro

‎07-12-2018 02:56 AM

‎07-12-2018 02:56 AM

Re: Expired Certificate Revocation Lists (CRL's)

The following PowerShell script can automate the process using the OneView REST API:

https://github.com/jullienl/HPE-Synergy-OneView-demos/blob/master/Powershell/OneView/Update%20all%20existing%20OneView%20CRLs.ps1

0 Kudos
Reply
YYCSysAdmin
Frequent Advisor

‎01-14-2019 02:42 PM

‎01-14-2019 02:42 PM

Re: Expired Certificate Revocation Lists (CRL's)

Noted in that code

The 4.10 library will natively provide cmdlets to update the OneView CRLs


How do we go about doing this in 4.10 ?

0 Kudos
Reply
Lionel_Jullien
HPE Pro

‎01-31-2019 12:37 AM

‎01-31-2019 12:37 AM

Re: Expired Certificate Revocation Lists (CRL's)

In 4.10 library, you just need to use the new cmdlet  Update-HPOVApplianceTrustedAuthorityCrl

 

help Update-HPOVApplianceTrustedAuthorityCrl -Examples


Get-HPOVApplianceTrustedCertificate -CertificateAuthoritiesOnly -Name "DigiCert Global CA G2" | Update-HPOVApplianceTrustedAuthorityCrl -Path C:\Directory\CA-updated.crl

 

 

0 Kudos
Reply
Anonymous
Not applicable

‎02-03-2019 06:00 PM

‎02-03-2019 06:00 PM

Re: Expired Certificate Revocation Lists (CRL's)

When using the 'Get' and 'Update' combination we get the following error:  'Exception calling "GetProxy" with "1" argument(s): "This operation is not supported for a relative URI."'

0 Kudos
Reply
ChrisLynch
HPE Pro

‎02-04-2019 10:49 AM

‎02-04-2019 10:49 AM

Re: Expired Certificate Revocation Lists (CRL's)

@Anonymousplease submit an issue on the project tracker.


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.