- Community Home
- >
- Software
- >
- HPE OneView
- >
- Re: OneView 4.0 and expired leaf certificates
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-21-2018 11:30 AM
03-21-2018 11:30 AM
OneView 4.0 and expired leaf certificates
After upgrading a OneView 3.10 appliance to OneView 4.00.07, I have several Security errors, which are in Locked status. The resolution says to delete the expired certificate, but I can't find any way in the OneView GUI to do that. I also tried using the OneView.400 PS cmdlet library and the cmdlet Remove-HPOVApplianceTrustedCertificate, providing the certificate alias name as the input object to the cmdlet, but with no success.
- Tags:
- certificate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-22-2018 11:40 AM
03-22-2018 11:40 AM
Re: OneView 4.0 and expired leaf certificates
You can manage certificates in the UI under Settings.
In that section of the UI, you can then search for the alias of the certificate. From the name of the alias, it looks like an Onboard Administrator certificate of one of your enclosures. I would suggest you regenerate the certificate on the OA. If the certificate is no longer in the appliance trust store (by using the Manage Certificates link above, or the Get-HPOVApplianceTrustedCertificate Cmdlet), the alert above is a bug. You can try to use the "Get-HPOVAlerts -State Locked | Remove-HPOVAlert" call. However, I don't have this state on any of my appliances so I cannot verify if this call will be allowed.
I am an HPE employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-23-2018 12:52 PM
03-23-2018 12:52 PM
Re: OneView 4.0 and expired leaf certificates
Hi Chris,
I have already installed a current certificatge from my CA at the Onboard Administrator, so the Search method in the OneView GUI just shows me the good (green status) certificate. Next week, I'll re-try the PS cmdlet method you suggested. I've tried that earlier, but got stumped on providing an acceptable alias name/URI to the cmdlet. It deserves another attempt! Thanks for your guidance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2018 01:09 AM
03-26-2018 01:09 AM
Re: OneView 4.0 and expired leaf certificates
When i try to remove them i get the following:
remove-hpovalert : [Send-HPOVRequest]: Only trusted Resource Managers can make this request.. Request was 'DELETE' at '/rest/alerts/937659'.
At line:1 char:31
+ get-hpovalert -state locked | remove-hpovalert
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : AuthenticationError: (Send-HPOVRequest:String) [Remove-HPOVAlert], AuthPrivilegeException
+ FullyQualifiedErrorId : AlertAuthorizationException,Remove-HPOVAlert
Any idea how i can filter this alert from the email alerts as i get spammed by the appliance constantly (leave cert only).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-09-2018 09:34 AM
04-09-2018 09:34 AM
Re: OneView 4.0 and expired leaf certificates
I had the same issue. Tried multiple things to ge it to clear up. I was able to clear a few by adding certs via Settings->Security->Manage Certificate. Finally gave up and opened case shich got escalated to L2 support. Via SSH session to Oneview they logged in as user "maintenance" and performed some witchery and the alerts were cleared. She did tell me that this is a known issue that will be fixed in a future Oneview release and if I get any future leaf cert alerts to just ignore them.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-09-2018 10:54 AM - last edited on 04-09-2018 11:46 PM by Parvez_Admin
04-09-2018 10:54 AM - last edited on 04-09-2018 11:46 PM by Parvez_Admin
Re: OneView 4.0 and expired leaf certificates
Kerry, thanks for sharing your experience with resolving this new wrinkle that popped up in OneView 4.0.
Certificate issues, including on iLO's and Onboard Administrators, are taking a portion of my time that I'd rather devote to other things.
[Nationwide is on your side.]
Steve Tippett
Distributed Platform Sustaining Team
NSC Infrastructure & Operations
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2018 01:08 AM
05-17-2018 01:08 AM
Re: OneView 4.0 and expired leaf certificates
Don't care to much about the alert itself the problem is that it will fill-up my mailbox every hours with 30+ messages.
anyone has an idea how i can filter these at OV level (not in my mailbox).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2018 01:14 AM
05-17-2018 01:14 AM
Re: OneView 4.0 and expired leaf certificates
I have had this issue for now around 9 months.
Spoke to a OneView Technical Advisor the other day.
Expired certificate alerts will be fixed in the next release of OneView (Frankfurt release), which apparently is in around 1 months time.
You'd think HPE employees on the OneView forum would just tell you this instead of copy and pasting the process of replacing certs....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2018 10:26 AM
05-24-2018 10:26 AM
Re: OneView 4.0 and expired leaf certificates
I don't see anything in the release notes for the new 4.00.09 release about addressing this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-06-2018 12:03 AM
06-06-2018 12:03 AM
Re: OneView 4.0 and expired leaf certificates
We still having the same issue as well.