- Community Home
- >
- Software
- >
- HPE OneView
- >
- Re: OneView CERT
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-03-2021 08:45 AM - edited 02-03-2021 08:50 AM
02-03-2021 08:45 AM - edited 02-03-2021 08:50 AM
Re: OneView CERT
Here's the steps for someone using a Microsoft cert authority in their windows domain.
- Create the cert request from Oneview
- Log into Oneview and from the NAV in the top left select Settings.
- Click on Security
- In the Actions menu top right, select Create appliance certificate signing request
- Fill in the details and click OK to get the large text block containing the base64 encoded cert request.
- Copy the cert request to your clipboard or save the text in Notepad.
- Create a certificate template that OneView will be happy with.
- On your Windows CA, open the "Certification Authority" app.
- In the tree on the left side, right-click on Certificate Template and select Manage.
- Scroll down to Web Server and right-click select Duplicate Template
- On the General tab, tweak the names to your liking. I use "HPE OneView".
- On the Extensions tab, click Application Policies and click Edit. Add Client Authentication. Click OK. You should now have both Server Authentication and Client Authentication.
- On the same Extensions tab, click Key Usage and click Edit. Checkmark "signature is proof of origin (nonrepudiation)". Ensure Allow key exchange only with key encryption (key encipherment) radio button is selected. Click OK.
- On the Security tab, apply read and enroll to whichever user account will be requesting the cert from this CA (ie: domain admins, your windows account, etc). I use my domain admin account.
- Click OK/Apply and close editing that template.
- Back at the main Certification Authority screen, right click again on the Certificate Template folder and select New -> Certificate Template to issue.
- Choose the certificate template you just duplicated (in my case: HPE OneView).
- Verify that you see it in the list.
- Request the certificate from your CA using the new template
- Open a web browser and navigate to your CA's webpage. In my case: http://dc09/certsrv
- Click on "Download a CA Certificate, certificate Chain, or CRL
- Select Base64 and click Download CA Certificate - Name it CA-cert.txt and save it somewhere.
- Go back to the home page and click Request a Certificate
- Click Advanced Certificate Request
- Click Create and Submit a request to this CA.
- Paste in the base64 text copied from step 1 and in Certificate Template select the template name you just created, in my case HPE OneView.
- Click Submit.
- Select Base64 encoded and click Download Certificate, save the file oneview.txt.
- Import both the CA and the server certificate into Oneview.
- Back on the Security settings page of OneView, click on Actions > Manage Certificates
- Click Add Certificate
- Using Notepad, open the CA-cert.txt file you downloaded in step 3-3 above. Copy and paste the base64 text into the dialog and then click Add.
- Assuming no issues, close that page and then click Actions > Import Appliance certificate.
- Open the oneview.txt cert downloaded in step 3-9 above and copy/paste the text into this Import cert dialog.
- Click OK and if all goes well, no errors and the system will import the cert.
Next time you browse the page you should get a happy cert.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-07-2024 10:48 AM
03-07-2024 10:48 AM
Re: OneView CERT
Followed @CorbettEnders detailed directions, worked perfectly for us!
Only addition was giving the user that was doing the certificate intall enrollment rights on the certificate template.
- « Previous
-
- 1
- 2
- Next »