HPE Community
HPE OneView
1837002 Members
2167 Online
110111 Solutions
New Discussion

The certificate does not have a matching certificate signing request (CSR).

 
bazoo
Occasional Collector

‎08-21-2022 10:52 PM - last edited on ‎08-25-2022 11:13 PM by

‎08-21-2022 10:52 PM - last edited on ‎08-25-2022 11:13 PM by

The certificate does not have a matching certificate signing request (CSR).

We maintain our own PKI infrastructure, when I try to add a CA signed X.509 cert into OneView (v7.0) I get the following
error.

The CSR in question is, I think, the default one that is generated when the box is configured. Our internal DN consists of multiple OU and other elements O=, that I cannot configure into the CSR, the CN of the provided certificate is not the FQDN of the unit. The CA certificate has been added to Oneview.

Copy the CA certificate text and paste it into the box:
Error:

"The certificate does not have a matching certificate signing request (CSR).
Unable to import signed certificate.
The certificate signing request (CSR) was not found for the specified signed certificate.

ResolutionGenerate a certificate signing request (CSR). Obtain a CA-signed certificate. Then, import the signed certificate again. "

0 Kudos
Reply
3 REPLIES 3
MV3
HPE Pro

‎08-23-2022 11:21 PM

‎08-23-2022 11:21 PM

Re: The certificate does not have a matching certificate signing request (CSR).

Hello,

 

From the above comments we suspect the generated CA is not correct.

Please find the below steps to generate the certificate and add it to the appliance.

 

https://techlibrary.hpe.com/device_help/HPJ9774A/Security/SSL/CARequest.htm

Cheers

 



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
bazoo
Occasional Collector

‎08-24-2022 05:01 PM - last edited on ‎08-25-2022 05:58 AM by

‎08-24-2022 05:01 PM - last edited on ‎08-25-2022 05:58 AM by

Re: The certificate does not have a matching certificate signing request (CSR).

@MV3 

Thanks for taking the time to respond.

Your answer doesn't help us in this situation as we cannot modify the CSR to match the format of our DN
which is in the format of CN=<name>,OU=<name>, OU=<name>, O=<name>, C=<country>

Plus we have specific naming format for the CN of appliances that doesn't match the default. ie we cannot use the FQDN as a CN.
Is there a way to be able to bascially upload a P12, with our own private key and public cert for the device?

0 Kudos
Reply
MV3
HPE Pro

‎08-25-2022 10:21 PM

‎08-25-2022 10:21 PM

Re: The certificate does not have a matching certificate signing request (CSR).

Hi

 

The certificate that gets generated by default on a newly installed appliance is an RSA certificate. Currently, only RSA certificates are supported for the appliance certificate.

 

Please log a support case with HPE for a review of the issue reported.



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.