Loading...
Loading...
Users can import PKCS#12 certificates for an HPE OneView appliance using *.pfx or *.p12 file formats. This feature provides appliance certificates with key lengths differing from those generated through Certificate Signing Requests (CSRs) and created within the OneView Graphical User Interface (GUI).For example, users may generate an appliance certificate with a 4096-bit key length and import it into OneView via the PKCS#12 import option.However, if either CNSA (Commercial National Security Algorithm) or FIPS (Federal Information Processing Standards) security modes are enabled in HPE OneView, the appliance certificates with key lengths other than 2048 bits or 3072 bits are not supported. Attempting to import such certificates may result in critical issues, including:HPE OneView will fail to power-on.HPE OneView upgrade processes will fail.HPE OneView will fail to change Security Modes.
HPE OneView 7.20 and HPE OneView for Synergy 7.20 or later.
The users who apply an HPE OneView appliance certificate with an unsupported key length must replace the certificate with one that uses a supported key length (2048 bits or 3072 bits) before performing the following actions:Restart the HPE OneView appliance.Upgrade HPE OneView to a later version.Use the Security Mode switch of the HPE OneView appliance.To ensure seamless operation, verify and update the appliance certificate to align with the supported key lengths based on your configured security mode.NOTE: Failure to replace the certificate may result in critical operational issues, including appliance startup failures and unsuccessful upgrade processes.
Operating Systems Affected:Not Applicable
Click on a version to see all relevant bugs
Hewlett Packard Enterprise Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.