HPE OneView

Re: Unable to establish trusted communication with the server -> HPE OneView 4.00.07.02

 
Rextor
New Member


Did you find a solution for this one? We are facing the same problem when using certificates from our own certificate authority and not the self-signed certificates.

MarioE
Valued Contributor


Yes, I could solve the problem.
We are in the process of replacing our internal CA.
That means I have to enter both CA servers under Settings - Manage certificates (Trust Store).
I had to recreate all iLO Trusted SSL Certificates signed by our old CA with the new CA.

In the Trust Store, I have changed nothing more, just recreated the certificates with the new CA. That is, there are still both CAs (old and new) registered in the Trust Store.

I had both CAs registered in the Trust Store for some time, but I only had problems after the update to Version 4.00.07.02.

Ralph1969
Advisor


Hi,

I have the same issue. After all my G7 iLO 3 expired all at the same time, I reset the iLO to generate a new cert.
And when I tried to refresh or add in OneView I got the error "The iLO certificate does not have any IP address or host name specified."

I placed a call to HP to show them the problem, got transferred to an L2 and worked 2 hours in a My Room session trying to fix it.
2 weeks later, when I asked for an update, I got:
Still working on lab server, will contact you at the earliest once have an update regarding the same.

HP is obviously aware of the problem but doesn't have any solution yet.

I will update once we figure it out.

Save the cheerleader save the world....
BhaskarV
Trusted Contributor


Hi @Ralph1969

This works, i.e. regenerating the certificate on the iLO followed by fetching and trusting the new certificate in OneView.
Can you ask for an elevation of the support case?

Regards,
Bhaskar

 


I am an HPE employee


craigpennock
Occasional Advisor


Hello.

Did anyone manage to resolve this for the G7s?

Gen 8 & 9 allow me to create a cert request with the IP address, but G7s do not have this option.

Thanks

Craig

BhaskarV
Trusted Contributor


Hi @craigpennock 

Given Gen 7 / iLO3, did you generate a CSR from the iLO and get a CA signed certificate?
Does the certificate you generated for the iLO have the DNS name for the iLO in the SAN / Subject field?
The CSR I generated on my test iLO looks like the attached.

[Screenshot: iLO4 Gen7 CSR]

The CN "myilo.pe.com" in the CSR should have made its way through the certificate signing process.
Let me know. 

Regards,
Bhaskar


I am an HPE employee


craigpennock
Occasional Advisor


I do not have the option for Common Name so had to add the below on the CA when requesting the cert.

san:dns=IPADDRESS&dns=ILONAME

 

Thanks for the advice, though.

BhaskarV
Trusted Contributor


Thanks @craigpennock  
Glad you worked around the problem by specifying the IP address and FQDN in the SAN when submitting the CSR to the CA.

What version of iLO3 firmware are the Gen7s you have at?
Anything close to 1.88, 1.89 or 1.91 (the latest available firmware for iLO3)?
If you take a look at the screenshot above where Common Name (CN) = myilo.hpe.com, that field gets carried forward as the Subject field at the very least in the CSR if not the SAN.

Even if the IP address is included in the SAN field, some CAs (Certificate Authorities) do not accept IP addresses.
They do accept FQDNs and allow a provision for you to specify the FQDN in the SAN at the time of submitting the CSR for getting signed, like you just did.

Regards,
Bhaskar


I am an HPE employee
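
The posts above turn on whether a certificate's SAN carries an IP address or a host name. X.509 stores these as different entry types (dNSName and iPAddress), so an IP submitted as a DNS-type entry is not an iPAddress entry. The following is an added example, not part of the original thread and not HPE code: it decodes a DER-encoded subjectAltName value and lists dNSName entries that are really IP literals. The sample bytes, the address 192.0.2.10 and the name ilo01.example.com are constructed for illustration; how OneView treats each entry type is not stated in the thread.

```python
import ipaddress
DNS_NAME, IP_ADDRESS = 0x82, 0x87     # GeneralName context tags (RFC 5280)

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_san(der):
    """Decode a subjectAltName extension value into (type, value) pairs."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("subjectAltName must be a SEQUENCE")
    entries, pos = [], 0
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        if tag == DNS_NAME:
            entries.append(("dNSName", value.decode("ascii")))
        elif tag == IP_ADDRESS:
            entries.append(("iPAddress", str(ipaddress.ip_address(value))))
        else:
            entries.append((f"other(0x{tag:02x})", value.hex()))
    return entries

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def misplaced_ips(entries):
    """dNSName values that are really IP literals (IP stored as a DNS-type entry)."""
    return [v for k, v in entries if k == "dNSName" and _is_ip(v)]

def _tlv(tag, value):                 # builds the constructed samples below
    return bytes([tag, len(value)]) + value

# Constructed samples: documentation address and a hypothetical host name.
AS_DNS = _tlv(0x30, _tlv(DNS_NAME, b"192.0.2.10") + _tlv(DNS_NAME, b"ilo01.example.com"))
AS_IP = _tlv(0x30, _tlv(IP_ADDRESS, bytes([192, 0, 2, 10])) + _tlv(DNS_NAME, b"ilo01.example.com"))
for sample in (AS_DNS, AS_IP):
    print(parse_san(sample), "misplaced:", misplaced_ips(parse_san(sample)))
```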


VinnyWills
HPE Pro


Hello All,

Try creating a new local user account in iLO and try adding via that. You can also try resetting the local user account and try...

I am an HPE Employee
