HPE OneView

Expired Certificate Revocation Lists (CRL's)

 
ServerParrott
Advisor

Expired Certificate Revocation Lists (CRL's)

Oneview (4.00.09) is reporting that my in date CRL's are expired.

Yet more certificate woes with OneView or is there an easy fix for this?

(Also, any update on admins being able to clear locked alerts? Was hoping this would have been addressed in the .09 release.)

 

 

6 REPLIES 6
ChrisLynch
HPE Pro

Re: Expired Certificate Revocation Lists (CRL's)

The 4.00.09 patch only addressed certain certificate expiration alerts.  CRL management today needs to be performed via the UI, or you can automate it with the API.


I am an HPE employee

Accept or Kudo

Lionel_Jullien
HPE Pro

Re: Expired Certificate Revocation Lists (CRL's)

The following PowerShell script can automate the process using the OneView REST API:

https://github.com/jullienl/HPE-Synergy-OneView-demos/blob/master/Powershell/OneView/Update%20all%20existing%20OneView%20CRLs.ps1

YYCSysAdmin
Frequent Advisor

Re: Expired Certificate Revocation Lists (CRL's)

Noted in that code

The 4.10 library will natively provide cmdlets to update the OneView CRLs  


How do we go about doing this in 4.10 ?

Lionel_Jullien
HPE Pro

Re: Expired Certificate Revocation Lists (CRL's)

In 4.10 library, you just need to use the new cmdlet  Update-HPOVApplianceTrustedAuthorityCrl

 

help Update-HPOVApplianceTrustedAuthorityCrl -Examples


Get-HPOVApplianceTrustedCertificate -CertificateAuthoritiesOnly -Name "DigiCert Global CA G2" | Update-HPOVApplianceTrustedAuthorityCrl -Path C:\Directory\CA-updated.crl

 

 

Anonymous
Not applicable

Re: Expired Certificate Revocation Lists (CRL's)

When using the 'Get' and 'Update' combination we get the following error:  'Exception calling "GetProxy" with "1" argument(s): "This operation is not supported for a relative URI."'

ChrisLynch
HPE Pro

Re: Expired Certificate Revocation Lists (CRL's)

@Anonymousplease submit an issue on the project tracker.


I am an HPE employee

Accept or Kudo