HPE Community
HPE OneView
1752567 Members
5269 Online
108788 Solutions
New Discussion юеВ

Re: Self-signed certificate Error after Upgrade OneView 4.0

 
MarioE
Valued Contributor

тАО01-10-2018 02:32 AM

тАО01-10-2018 02:32 AM

Self-signed certificate Error after Upgrade OneView 4.0

Hello

I upgraded HPE OneView from Verion 3.10.07 to 4.00.05 today.
I had to reinstall the root CA Certificate and the WebServer Certificate.
Now I have one more mistake:

Self-signed certificate with alias name HP Infrastructure Management Certificate Authority-internal root Basic Constraint is not valid

Resolution Provide Certificate with Basic Constraint set to SubjectType = CA. Try again.
 
However, I do not have a self-signed certificate.
How can I clear the error?

The alert is locked.

5 people had this problem.
0 Kudos
Reply
29 REPLIES 29
ChrisLynch
HPE Pro

тАО01-12-2018 10:00 AM

тАО01-12-2018 10:00 AM

Re: Self-signed certificate Error after Upgrade OneView 4.0

Is this an HPE Synergy system?  Have you updated the Frame Link Module firmware yet?


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
Bart_Heungens
Honored Contributor

тАО01-12-2018 10:04 AM

тАО01-12-2018 10:04 AM

Re: Self-signed certificate Error after Upgrade OneView 4.0

In my case it is a OV VM with a C7000 behind it... So ny Synergy (yet)...

--------------------------------------------------------------------------------
If my post was useful, clik on my KUDOS! "White Star" !
0 Kudos
Reply
ChrisLynch
HPE Pro

тАО01-12-2018 10:06 AM

тАО01-12-2018 10:06 AM

Re: Self-signed certificate Error after Upgrade OneView 4.0

Thank you, Bart.  I'm looking into this.


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
Bart_Heungens
Honored Contributor

тАО01-12-2018 10:18 AM

тАО01-12-2018 10:18 AM

Re: Self-signed certificate Error after Upgrade OneView 4.0

Hi Chris, if you need more information or want access to my OV Instance, you know where to find me...

--------------------------------------------------------------------------------
If my post was useful, clik on my KUDOS! "White Star" !
0 Kudos
Reply
MarioE
Valued Contributor

тАО01-13-2018 03:28 AM - edited тАО01-13-2018 03:28 AM

тАО01-13-2018 03:28 AM - edited тАО01-13-2018 03:28 AM

Re: Self-signed certificate Error after Upgrade OneView 4.0

Hi Chris

I have an HPE OneView on a VM, only with HPE Proliant Server Monitored. No Synergy, no enclosure with blades available.

0 Kudos
Reply
ChrisLynch
HPE Pro

тАО01-18-2018 12:07 PM - edited тАО01-18-2018 12:09 PM

тАО01-18-2018 12:07 PM - edited тАО01-18-2018 12:09 PM

Re: Self-signed certificate Error after Upgrade OneView 4.0

Following up on this discussion.  This appears to be an issue with the State Change Message Bus (SCMB) certificate when the appliance was upgraded from older versions to 4.00.  It will need to be recreated.  The easiest way is to use the PowerShell Cmdlets:

# Remove the SCMB certificate from the connected appliance
Remove-HPOVScmbCertificate

# Recreate and retrieve the certs
Get-HPOVScmbCertificate

Please let me know if that does resolve the message.

Also, anyone using HPE OneView Global Dashboard, you will likely need to refresh or reconnect the appliances after performing this operation.


I am an HPE employee

Accept or Kudo

Reply
MarioE
Valued Contributor

тАО01-22-2018 05:04 AM

тАО01-22-2018 05:04 AM

Re: Self-signed certificate Error after Upgrade OneView 4.0

Hi Chris


What is the syntax for these commands? I could not find anything helpful in the help.
Here is the output of the commands (without syntax):

PS > Remove-HPOVScmbCertificate
Remove-HPOVScmbCertificate : The SCMB certificate key pair has not bee generated on the appliance "<FQDN>".  Please use Get-HPOVScmbCertificates to generate a new certificate key pair.
At line:1 char:1
+ Remove-HPOVScmbCertificate
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (ScmbCertifcateKeyPait:String) [Remove-HPOVScmbCertificate], ResourceNotFoundException
    + FullyQualifiedErrorId : ResourceNotFound,Remove-HPOVScmbCertificate

 

and

 

PS > Get-HPOVScmbCertificates
Get-HPOVScmbCertificates : The requested resource '/rest/certificates/client/rabbitmq/keypair/default' could not be found. Please supply a valid and unique common name and try again.
At line:1 char:1
+ Get-HPOVScmbCertificates
+ ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (URI:String) [Get-HPOVScmbCertificates], ResourceNotFoundException
    + FullyQualifiedErrorId : ResourceNotFound,Get-HPOVScmbCertificates

0 Kudos
Reply
ComputerUser
New Member

тАО01-24-2018 07:36 AM

тАО01-24-2018 07:36 AM

Re: Self-signed certificate Error after Upgrade OneView 4.0

Did anyone solve this problem? I have the exact same issue after upgrading to version 4.0.  Here is my alert: "

Self-signed certificate with alias name HP Infrastructure Management Certificate Authority-internalroot Basic Constraint is not valid Security"

"Resolution Provide a certificate with Basic Constraint set to SubjectType=CA. Try again."

0 Kudos
Reply
ChrisLynch
HPE Pro

тАО01-24-2018 10:35 AM

тАО01-24-2018 10:35 AM

Re: Self-signed certificate Error after Upgrade OneView 4.0

@MarioE, the appliance exception to the self-signed certificate is the State Change Message Bus (SCMB).  Are you using the HPE OneView for vCenter plugin?  If so, what version? 

As for the Cmdlets, it appears that someone may have created the SCMB using a different name, and that is why the Cmdlets are failing.


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.