HPE OneView
1748177 Members
4331 Online
108758 Solutions
New Discussion

Re: Self-signed certificate Error after Upgrade OneView 4.0

 
MarioE
Valued Contributor

Re: Self-signed certificate Error after Upgrade OneView 4.0

Hi Chris

we do not use vCenter plugin.
No one has ever created an SCMB certificate. For me, this certificate is new.

fluke
Regular Visitor

Re: Self-signed certificate Error after Upgrade OneView 4.0

Installed OneView Powershell from GitHub 
https://github.com/HewlettPackard/POSH-HPOneView/releases/tag/v4.0.1554.2229

Ran 

# Remove the SCMB certificate from the connected appliance
Remove-HPOVScmbCertificate

# Recreate and retrieve the certs
Get-HPOVScmbCertificate

and nothing happened. Checked OneView GUI Activity and it showed Certificates have been regenerated. It has been 1 hour and the "Self-signed certificate with alias name HP Infrastructure Management ..." error has not showed up.  It usually reprompts every hourly.

MarioE
Valued Contributor

Re: Self-signed certificate Error after Upgrade OneView 4.0

Here is the output of the commands:

PS C:\> Remove-HPOVScmbCertificate
Remove-HPOVScmbCertificate : The SCMB certificate key pair has not bee generated on the appliance "svpas00012.ads.ktag.ch".  Please use Get-HPOVScmbCertificates to generate a new certificate key pair.
At line:1 char:1
+ Remove-HPOVScmbCertificate
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (ScmbCertifcateKeyPait:String) [Remove-HPOVScmbCertificate], ResourceNotFoundException
    + FullyQualifiedErrorId : ResourceNotFound,Remove-HPOVScmbCertificate

 

and the command "Get-HPOVScmbCertificate" is not right. The correct command is "Get-HPOVScmbCertificates"

PS C:\> Get-HPOVScmbCertificates
Get-HPOVScmbCertificates : The requested resource '/rest/certificates/client/rabbitmq/keypair/default' could not be found. Please supply a valid and unique common name and try again.
At line:1 char:1
+ Get-HPOVScmbCertificates
+ ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (URI:String) [Get-HPOVScmbCertificates], ResourceNotFoundException
    + FullyQualifiedErrorId : ResourceNotFound,Get-HPOVScmbCertificates

 

After I run the command, I see the following entry on the HPE OneVeiw GUI under Activity (see attachment):

Client Certificate Generation.

Issue

 

Error occurred while generating RabbitMq client certificate.
Error occurred while creating Key pairs for RabbitMq.

Resolution

Please retry the operation.

 

IvoT
Visitor

Re: Self-signed certificate Error after Upgrade OneView 4.0

Hi , I had the same problem, just want to share what I did. Maybe I am stupid, but I did what the error says.
There was sayed that State is not CA, so I was courious what will happen when I Will put in the field State (ST) leters CA.
And ....   It worked !!

  • State or province (ST)    CA

Looks that is all what the applience wants
So I encourage all to test it :  Security >> Actions >> Create appliance self signed Cert
Then fill as you need probably just Keep ST=CA ( even if you are not from US )   :-)

 

MarioE
Valued Contributor

Re: Self-signed certificate Error after Upgrade OneView 4.0

@IvoT

Hi
the error says: Resolution Provide a certificate with Basic Constraint set to SubjectType=CA
I have no mistake which says, "State" has to be CA.

 

 

MarGro
Occasional Collector

Re: Self-signed certificate Error after Upgrade OneView 4.0

Same Issue here, after upgrading oneView (Synergy Composer) from 3.10.x to 4.00.07 the same CA error. Changed the ST=CA doesn't fix the error. Any other toughts?

MarioE
Valued Contributor

Re: Self-signed certificate Error after Upgrade OneView 4.0

The problem was fixed today after 2 months.
After I opened a case at HPE 2 months ago, I was able to do a WebEx session today.
Using REST API, support was able to delete the certificate.
Then, a new certificate was created in the HPE OneView.

Certificates_regenerated.jpg

The parameter for REST API was:

DELETE https://<HOSTNAME>/rest/certificates/ca/rabbitmq_readonly

This was done with support from HPE.
As already mentioned, I had the support of HPE through an opened case.

ChrisLynch
HPE Pro

Re: Self-signed certificate Error after Upgrade OneView 4.0

@MarioE, glad to see your issue was resolved.  But you could have also used the PowerShell library to perform that step (Remove-HPOVScmbCertificate).


I am an HPE employee

Accept or Kudo

MarioE
Valued Contributor

Re: Self-signed certificate Error after Upgrade OneView 4.0

@ChrisLynch, I tried that too. I got an error with the command in the PowerShell, as described above. It worked with REST API.

ChrisLynch
HPE Pro

Re: Self-signed certificate Error after Upgrade OneView 4.0

The Cmdlet uses the exact same REST API call.  Not sure why it failed for you and the raw REST API call worked.


I am an HPE employee

Accept or Kudo