Create an appliance certificate signing request

The appliance uses a certificate for authentication over TLS. The certificate contains a public key, and the appliance maintains the corresponding private key, which is uniquely tied to the public key.

A CA is a trusted party that issues a certificate that enables others, who trust the CA, to also trust the host. In essence, the CA vouches for the host.

For information on creating a self-signed certificate, see Create an appliance self-signed certificate.

Prerequisites
  • Privileges: Infrastructure administrator.

  • Gather the information for the request, as required by the certificate authority (CA).

  • Obtain the CA challenge password.

Procedure
  1. From the main menu, select Settings.
  2. Click Security.
  3. Select Actions > Create certificate request.
  4. Supply the data requested on the screen. See Create an Appliance Certificate Signing Request screen details.
  5. Click OK.
  6. Copy the certificate request data from the dialog box and send it to the CA. The CA designates how and where to send the certificate request data.

    HPE Synergy Composer2 appliances require CNSA-strength certificates, specifically an RSA certificate with a bit length of 3072 and a SHA-384 digital signature. These parameters are specified in the appliance Certificate Signing Request (CSR). Some certificate authorities ignore or override CSR-requested parameters and use SHA-256 digital signatures instead of SHA-384. HPE OneView displays a validation error when an administrator attempts to import such a certificate. The CNSA-strength requirement applies to the entire Public Key Infrastructure (PKI) certificate chain. In the chain, all certificates (CA root and intermediate) must be CNSA-strength.

  7. Click OK.

Next steps: After you receive the certificate from the CA, see Import an appliance certificate.
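
Before importing, the certificate and its CA chain can be checked on a workstation against the parameters stated in the note above. The following is an added example, not part of the HPE documentation or HPE code; it assumes the openssl command-line tool is installed, the function names check_cnsa_chain and make_samples are hypothetical, and it treats 3072 bits as a minimum key size.

```shell
#!/usr/bin/env bash
# Added example (not HPE code): check each certificate in a PEM bundle for the
# parameters the page states: RSA key of 3072 bits and a SHA-384 signature.
# Assumption: 3072 is treated as a minimum key size.
MIN_RSA_BITS=3072
WANT_SIG=sha384WithRSAEncryption

# Prints OK/FAIL per certificate; returns 0 only if every certificate passes.
check_cnsa_chain() {
    local bundle=$1 tmp f text sig alg bits subj rc=0
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++}
                     n {print > (d "/cert" n ".pem")}' "$bundle"
    for f in "$tmp"/cert*.pem; do
        [ -e "$f" ] || { echo "FAIL no certificate found in $bundle"; rc=2; break; }
        text=$(openssl x509 -in "$f" -noout -text 2>/dev/null) ||
            { echo "FAIL unparsable certificate in $bundle"; rc=1; continue; }
        subj=$(openssl x509 -in "$f" -noout -subject)
        sig=$(printf '%s\n' "$text" | awk -F': ' '/Signature Algorithm:/ {print $2; exit}')
        alg=$(printf '%s\n' "$text" | awk -F': ' '/Public Key Algorithm:/ {print $2; exit}')
        bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
        if [ "$sig" = "$WANT_SIG" ] && [ "$alg" = rsaEncryption ] &&
           [ "${bits:-0}" -ge "$MIN_RSA_BITS" ]; then
            echo "OK   $subj ($alg $bits bit, $sig)"
        else
            echo "FAIL $subj ($alg ${bits:-?} bit, $sig)"
            rc=1
        fi
    done
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample input: self-signed test certificates, one signed with
# SHA-384 and one with SHA-256 (the CA override the page warns about).
make_samples() {
    local d=$1
    openssl genrsa -out "$d/key.pem" 3072 2>/dev/null
    openssl req -x509 -new -key "$d/key.pem" -sha384 -days 1 \
        -subj "/CN=constructed-sha384" -out "$d/good.pem"
    openssl req -x509 -new -key "$d/key.pem" -sha256 -days 1 \
        -subj "/CN=constructed-sha256" -out "$d/weak.pem"
    cat "$d/good.pem" "$d/weak.pem" > "$d/chain.pem"
}

if [ "$#" -gt 0 ]; then check_cnsa_chain "$1"; fi
```

Pass the function a single PEM file containing the issued certificate followed by the intermediate and root CA certificates; a FAIL line identifies which certificate in the chain to take back to the CA.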