HPE Community
HPE OneView
1820882 Members
3458 Online
109628 Solutions
New Discussion юеВ

Receiving CA Certificate is about to expire in OneView

 
asadsarwarawan
Occasional Contributor

тАО02-20-2023 02:17 AM - last edited on тАО02-21-2023 09:05 PM by

тАО02-20-2023 02:17 AM - last edited on тАО02-21-2023 09:05 PM by

Receiving CA Certificate is about to expire in OneView

customer reported that they're receiving CA certificate about to be expired. please guide how to generate new certificate and replace it with the existing one. please also tell us about how long before expiring we receive these warnings as certificate is expiring in April. Thanks

0 Kudos
Reply
4 REPLIES 4
sfrench-quilter
Valued Contributor

тАО02-20-2023 07:14 AM

тАО02-20-2023 07:14 AM

Re: Receiving CA Certificate is about to expire in OneView

Just so you know there have been several public CA certs in OneView that can be safely removed and are not used.

For example: 
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-a00067457en_us

Is the CA certificate reported an internal issuing CA or a public issuing CA?

0 Kudos
Reply
ChrisLynch
HPE Pro

тАО02-21-2023 02:46 PM

тАО02-21-2023 02:46 PM

Re: Receiving CA Certificate is about to expire in OneView

Can you provide any sample screenshot of this cert and the associated message?
I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
storageteamUlta
Occasional Visitor

тАО10-25-2023 11:57 AM - last edited on тАО10-25-2023 10:23 PM by

тАО10-25-2023 11:57 AM - last edited on тАО10-25-2023 10:23 PM by

Re: Receiving CA Certificate is about to expire in OneView

@ChrisLynch Im receiving this error message from our Image Streamer.

 

CA certificate with alias name Symantec Class 3 Secure Server CA - G4 is about to expire in 5 day(s),23 hour(s),34 minute(s),57 second(s)

i would upload a photo, but Im getting permission denied.

0 Kudos
Reply
sfrench-quilter
Valued Contributor

тАО10-26-2023 02:21 AM

тАО10-26-2023 02:21 AM

Re: Receiving CA Certificate is about to expire in OneView

The certificate can be removed as per the link I posted.
Here are the details from the article:

The certificates that can be removed are as follows:

  • VeriSign Class 3 Public Primary Certification Authority - G5
  • VeriSign Universal Root Certification Authority
  • Symantec Class 3 Secure Server CA - G4
  • Symantec Class 3 Secure Server SHA256 SSL CA

If any of the four CA certificates (mentioned above) are being used to sign into any other device, appliance or directory server certificates, besides the certificates for Remote Support, certificate validation errors will occur. The certificate validation failures will lead to issues, such as:

- Communication problems between OneView and the managed devices and servers

- Appliance certificate alert messages stating that the root certificate is missing

To delete the certificates, perform the following steps:

  1. Log into the OneView User Interface (UI).
  2. Select OneView -> Settings.
  3. Scroll under "Security" and click the "Manage Certificates" link.
  4. Delete the following certificates:
    - VeriSignClass 3 Public Primary Certification Authority - G5
    - VeriSignUniversal Root Certification Authority
    - SymantecClass 3 Secure Server CA - G4
    - SymantecClass 3 Secure Server SHA256 SSL CA
  5. Wait for the deletion(s) to be completed.
  6. Close the UI.

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.