HPE OneView

Re: OneView CERT

CorbettEnders
Advisor


Here are the steps for someone using a Microsoft cert authority in their Windows domain.

  1.  Create the cert request from OneView
    1. Log into OneView and from the NAV in the top left select Settings. 
    2. Click on Security
    3. In the Actions menu top right, select Create appliance certificate signing request
    4. Fill in the details and click OK to get the large text block containing the base64 encoded cert request.
    5. Copy the cert request to your clipboard or save the text in Notepad.
  2.  Create a certificate template that OneView will be happy with.
    1.  On your Windows CA, open the "Certification Authority" app.
    2.  In the tree on the left side, right-click on Certificate Template and select Manage.
    3. Scroll down to Web Server, right-click and select Duplicate Template
    4. On the General tab, tweak the names to your liking. I use "HPE OneView".
    5. On the Extensions tab, click Application Policies and click Edit. Add Client Authentication. Click OK. You should now have both Server Authentication and Client Authentication.
    6. On the same Extensions tab, click Key Usage and click Edit. Checkmark "signature is proof of origin (nonrepudiation)". Ensure Allow key exchange only with key encryption (key encipherment) radio button is selected. Click OK.
    7. On the Security tab, apply read and enroll to whichever user account will be requesting the cert from this CA (i.e., domain admins, your Windows account, etc.).  I use my domain admin account.
    8. Click OK/Apply and close editing that template.
    9. Back at the main Certification Authority screen, right click again on the Certificate Template folder and select New -> Certificate Template to issue. 
    10. Choose the certificate template you just duplicated (in my case: HPE OneView).
    11. Verify that you see it in the list.
  3. Request the certificate from your CA using the new template
    1. Open a web browser and navigate to your CA's webpage.  In my case: http://dc09/certsrv 
    2. Click on "Download a CA Certificate, Certificate Chain, or CRL"
    3. Select Base64 and click Download CA Certificate - Name it CA-cert.txt and save it somewhere.
    4. Go back to the home page and click Request a Certificate
    5. Click Advanced Certificate Request
    6. Click Create and Submit a request to this CA.
    7. Paste in the base64 text copied from step 1 and in Certificate Template select the template name you just created, in my case HPE OneView.
    8. Click Submit.
    9. Select Base64 encoded and click Download Certificate, save the file oneview.txt.
  4. Import both the CA and the server certificate into OneView.
    1. Back on the Security settings page of OneView, click on Actions > Manage Certificates
    2. Click Add Certificate
    3. Using Notepad, open the CA-cert.txt file you downloaded in step 3-3 above. Copy and paste the base64 text into the dialog and then click Add.
    4. Assuming no issues, close that page and then click Actions > Import Appliance certificate.
    5. Open the oneview.txt cert downloaded in step 3-9 above and copy/paste the text into this Import cert dialog.
    6. Click OK and, if all goes well, there will be no errors and the system will import the cert. 

Next time you browse the page you should get a happy cert.
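
A pre-import check for step 4, as an added example that is not part of the original post: it reads the issued certificate and reports whether it carries the Server Authentication and Client Authentication application policies and the key usage bits selected in step 2. The function name and the sample subject are hypothetical, and the throwaway self-signed sample assumes PowerShell 7 (or .NET Framework 4.7.2 or later).

```powershell
# Added example (not from the original post): confirm the issued cert carries what
# step 2 configured before importing it in step 4. Names here are hypothetical.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Test-OneViewCertificate {
    param([Parameter(Mandatory)][X509Certificate2]$Certificate)

    $ekuOids = @()
    $usage   = [X509KeyUsageFlags]::None
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [X509EnhancedKeyUsageExtension]) {
            # Application Policies from the template's Extensions tab
            $ekuOids = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        } elseif ($ext -is [X509KeyUsageExtension]) {
            $usage = $ext.KeyUsages
        }
    }
    [pscustomobject]@{
        Subject         = $Certificate.Subject
        ServerAuth      = $ekuOids -contains '1.3.6.1.5.5.7.3.1'  # Server Authentication OID
        ClientAuth      = $ekuOids -contains '1.3.6.1.5.5.7.3.2'  # Client Authentication OID
        NonRepudiation  = $usage.HasFlag([X509KeyUsageFlags]::NonRepudiation)
        KeyEncipherment = $usage.HasFlag([X509KeyUsageFlags]::KeyEncipherment)
        Expired         = $Certificate.NotAfter -lt (Get-Date)
    }
}

# Constructed sample: a throwaway self-signed cert with the same extensions,
# so the check runs without a CA. It is not a certificate from the post.
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=oneview.example.test', $rsa,
           [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$flags = [X509KeyUsageFlags]'NonRepudiation, KeyEncipherment'
$req.CertificateExtensions.Add([X509KeyUsageExtension]::new($flags, $true))
$ekus = [OidCollection]::new()
'1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2' |
    ForEach-Object { [void]$ekus.Add([Oid]::new($_)) }
$req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($ekus, $false))
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
Test-OneViewCertificate -Certificate $sample

# Against the file saved in step 3-9:
# Test-OneViewCertificate -Certificate ([X509Certificate2]::new("$PWD\oneview.txt"))
```

A `False` under ClientAuth or NonRepudiation means the request was issued from a template that does not have the step 2 changes applied.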

kpatelvno
New Member

Re: OneView CERT

Followed @CorbettEnders' detailed directions, worked perfectly for us!

Only addition was giving the user that was doing the certificate install enrollment rights on the certificate template.