I really hope someone can help, but we have got some issues with the above! Latest version, 9.40.
1) Adding a CA cert to the appliance, makes the cert "visible" in the vCenter plug in, but when browsing the https interface for management of the device, the cert is still the old self signed one rather than the one which was provisioned.
2) When viewing the VASA screen I get this:-
Is there anything I can do to solve these problems? I see almost nothing on the internet about Oneview4vCenter!
Thanks
Greetings,
Have you checked by restarting the HPE OneView for VMware vCenter appliance. after adding signed certificate.
Also please verify the below step used to add CA signed certificate.
Installing a CA-signed certificate
HPE recommends using a CA-signed certificate when using the HPE OneView for VMware vCenter with the VMware VASA provider.
To add a signed certificate:
Procedure
1. Navigate to Home > Administration > HPE OneView for VMware vCenter.
2. Click Certificate Management.
The Certificate Management page is displayed.
3. Click Generate certificate signing request.
The Generate Certificate Signing Request window is displayed.
4. Enter the following information in the mandatory fields:
• Country
• State
• Locality
• Organization
• Common name (The fully qualified vCenter Server name)
Additionally, you can also enter the information in the optional fields:
• Organization unit
• Email
• Surname
• Given name
The certificate signing request is generated. A certificate request with 1024-bit encryption is generated.
5. Click the close icon to save and go back to the Certificate Management window.
6. Provide the certificate signing request to your trusted authority. The trusted authority must generate a
signed certificate that matches your signing request.
7. Export the certificate using Base-64 encoding.
8. Click Install Signed Certificate.
The Install Signed Certificate window opens.
9. Press ctrl+v to paste the certificate in the empty text area.
10. Click the close icon to save and go back to the Certificate Management page.
11. Restart the HPE OneView for VMware vCenter appliance.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Hi,
Yes, I do all this, but in Vcenter it says the certificate is installed, but going to the web interface of the appliance, the certificate is still the old one.
When I go into vCenter and look at the Installed Certificate for OV4VC, it shows me our custom MS CA generated certificate, so something is wrong here, either a bug, or the web service on the appliance does not use the certificate you give it..?
Still Vasa problem no matter what...:-
The certifcate for 443 port is not updated when you upload CA certifcate due to underlying OS webserver limiation. This is known issue.
All other service ports are updated with CA certificate. So in vCenter it will reflect the updated CA certifcate. We are working on the fix for this issue. It will be fixed in later releases. (9.6 or later)
VASA Issue:
This is fixed in 9.5 release. It will be availalble for download on end of this month. For now, the work around is to have a certificate available for Server management mode.
I work for HPE
Hi, I fixed the VASA issue and I can tell you how.
I had a 3paroneview user on the array, with EDIT Authorization. When this was changed to Super, the certificates showed up fine in the OV4VC console!! I cannot believe this was the fix, but there we go. Was waiting over 6 weeks for HPE to have a look at this, but this works for me anyway. (I upgraded to 9.5, and the issue was still there)
Re: the webserver port, OK, as long as this is a known bug/limitation and not an issue with our system specifically, I am happy enough with that I suppose. You might want to update the documentation for these required rights. Edit was not enough.
Here is screen when changing the user on the array to super rights:-
EDIT:- Sorry, just to clarify, the account which the OV4VC Appliance is set to connect to the storage with MUST be super rights, or your VASA Certificates do not show.
