HPE OneView
cancel
Showing results for 
Search instead for 
Did you mean: 

OneView Alert: CRL issued by VeriSign Class 3 Public Primary Certification Authority - G5 is expired

 
SOLVED
Go to solution
David Claussen
Regular Advisor

OneView Alert: CRL issued by VeriSign Class 3 Public Primary Certification Authority - G5 is expired


OneView Appliance for vSphere, version 4.00.07.02-0334467.

 

Why is OneView so incredibly difficult to work with?

My latest problem is the following error:

screenshot.25.jpg

So I copied the URL for the cert and it downloaded fine. 

Now, I tried to get this new cert into my HPOneView appliance. Security/Manager Certificates/Add Certificates

screenshot.26.jpg

After an hour of searching, I can find no way to open the CRL files and get the base64 cert text and there is no option to inport a local file.

So I try Add certificate from an IP address or hostname:

screenshot.27.jpg

Entering the url provided by the initial alert FROM ONEVIEW yeilds the error:

screenshot.28.jpg

I tried multiple ports as well with no success.

Now I have been fighting with OneView for months now - configuration issues, update issues, alerting issues (IE - seven alerts for a server reboot - this is a total nightmare and there is no documentation anywhere for help) and now this cert thing.

Any help is appreciated, but this is strike 27 for this software and if I can't get this cert thing cleared up - OneView is gone and I'll go back to SIM.

 

 

14 REPLIES 14
Nikolape
Occasional Advisor

Re: OneView Alert: CRL issued by VeriSign Class 3 Public Primary Certification Authority - G5 is exp

I have the same problem with our Synergy frame, and could not agree more with previous post. Please, any help would be appreciated! 

The question is simple, how to import missing .crl file?

Thank you.

frenchy94
Regular Advisor

Re: OneView Alert: CRL issued by VeriSign Class 3 Public Primary Certification Authority - G5 is exp

this issue is well documented in release notes i think


---
L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast.
https://www.avast.com/antivirus
Dennis Handly
Acclaimed Contributor

Re: OneView Alert: CRL issued by VeriSign Class 3 Public Primary Certification Authority - G5 is exp

I'm not sure why you want to get a CRL?  The Certificate Revocation List contains a list of certs that have been revoked.

I only see a Last Update and Next Update fields.

You need to create new certs to replace the expired ones.

 

> I tried to get this new cert into my HPOneView appliance. Security/Manager Certificates/Add Certificates

 

I'm not sure why it would need you to add a CRL?

 

>  I can find no way to open the CRL files and get the base64 cert text and there is no option to import a local file.

 

You can open the .CRL in Windows.  Or use:

openssl crl -inform der -in pca3-g5.crl -text -noout

So I would suggest you look for expiration dates for your certs and CA certs.

Unless it's related to you can't access the CRL?

https://github.com/HewlettPackard/POSH-HPOneView/issues/97

David Claussen
Regular Advisor

Re: OneView Alert: CRL issued by VeriSign Class 3 Public Primary Certification Authority - G5 is exp

It is not. There are references to CRL files in both the release douments and the user manual, but nowhere does it show how to istall/import a CRL file.

David Claussen
Regular Advisor

Re: OneView Alert: CRL issued by VeriSign Class 3 Public Primary Certification Authority - G5 is exp

As you can see in my inital post, the CRL file is what my OneView shows as expired - that is why I would assume that I need to replace it.