HPE OneView
cancel
Showing results for 
Search instead for 
Did you mean: 

OneView Directory Login Issue since update

Highlighted
SteveSC
Occasional Contributor

OneView Directory Login Issue since update

Hello

Since our OneView was updated from 3.00.05 to 4.00.07.02. we have been unable to login with our AD accounts. Only the local login can be used to access OneView.

When trying to login we get the error message:

"Unable to establish trusted communication with the server. The directory server certificates signature algorithm is not supported by OneView in the current security mode. Refer to OneView and directory server user documentations to know more about the certificate signature algorithms supported by each system in the various security modes. Set up the directory server with a certificate having signature algorithm that is supported by OneView in its current security mode. After setting up the directory server with the certificate as specified, add the directory server certificate into the OneView."

The certificates in use for our directory servers are been used on another OneView server without an issues at the moment so it is odd we have encountered this issue since the upgrade.

I have been able to re-add the certificates using the "Paste Certificate" option but not when using "Add certificate from an IP address or hostname". When I try that option I get

"Secure connection to the device or server failed because the connection could not be negotiated at the desired level of security. 

HANDSHAKE_FAILED_DETAILS

Resolution Check if the device or server is compliant with the appliance cryptography mode."

I had read that the root and intermediate certificates should be present but when using  "Paste Certificate" for these I get 

"Signature algorithm of the certificate is not supported. 

Signature algorithm of the certificate is not in the allowed range.

Resolution provide a certificate that has a valid signature algorithm and try again."

The signature algorithm for the root and intermediate are RSASSA which I have found may be an issue in general looking at "https://pkisolutions.com/pkcs1v2-1rsassa-pss/" but are ticking the "force trust leaf certificate so I would presume the root and intermediate would not matter unless them using RSASSA has caused an issue for the directory certificates.

Any advice anyone can be offered would be greatly appreciated.