Re: Clear Locked Alerts for Expired Leaf Certificates

BenjieE · ‎01-29-2018

Hi,

Since upgrading to HP OneView 4.0 we have multiple alerts that will not clear due to locked alerts relating to expired certificates for a number of our iLO's and Onboard Administrators. It appears they will not clear no matter what we do. Things tried are

Delete expired certificates.
Create new certficiates from our CA.
Create new certificates from our CA with the original name of expired certificate
Remove and Re-Add Enclosures and Servers.
Rescan
Reboot
Firmware updates on all of the iLO's and OA's.

We would like to close these locked alerts, but I gather you cannot and it must clear itself automatically. Problem is they wont clear automatically, so either its a bug or we would like some assistance if possible to clear them?

Thanks in advance.

ServerParrott · ‎01-29-2018

We currently have exactly the same problem and have tried everything you have listed.

The appliance is saying to add a new cert with the same alias name as the expired one. Once this has been done the alert does not clear.

Following the thread for a resolution.

JakubM · ‎01-29-2018

Yep, we have same problem but with C7000 Onboard Administrator certificate. After regenerating of certificate one alert goes away, but other two are still locked: for IPv6 address and for enclosure serial number. How to get rid of them?

Refreshing enclosure not helping, deleting old certificates too. In certificate configuration i have good certificates now for all three options: ipv4, ipv6 and SN:

Something is really broken with certificate management in OV4.

ServerParrott · ‎02-02-2018

@BenjieE Have you had a response from HPE yet? They seem to have replied to all recent threads apart from this one which is pretty disappointing. Getting tired of looking at locked alerts now ha!

BenjieE · ‎02-02-2018

Hey ServerParrott,

Nope not a peep from HP about this issue yet sadly.

Thanks

Benjie

Matthew Ingram · ‎02-27-2018

I have a case opned at Level 2 for this issue as well.

BenjieE · ‎02-28-2018

Hi Matt,

It would be great if you could share the results of their findings. I am expecting/hoping it to be fixed in the next release judging by some of the comments on others posts in this forum.

Thanks

Ben

Kelly M Knowles · ‎09-13-2018

It would actually be ideal if we had the option to simply trust the root certificate and the leaf certificates would be trusted as well regardless if they renew. I have domain controllers which I use for LDAP authentication which will go out and renew their own certificate and everything I use other than OneView seems to be fine with simply trusting the root CA.

BhaskarV · ‎09-16-2018

Hi Kelly M Knowles,

Starting version 4.0.x, we do allow trusting just the top most Root CA, allowing LDAP / AD servers to freely renew their certificates, retaining the top most Root CA.

Let us know if this is not working and open a support case with a support dump.

Regards,
Bhaskar

I am an HPE employee

mLuXoR · ‎09-17-2018

Try:

- Factory Reset applience
- before add enclosure OneView Settings - security - Certificates - Disable Certificate validation and Certificate revocation checking (using CRLs).
- add enclosure

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Clear Locked Alerts for Expired Leaf Certificates

Clear Locked Alerts for Expired Leaf Certificates