Certificates screen details

The certificates screen displays options to manage certificates in the appliance.

Click Manage certificates to see certificates in the appliance and when they expire.

Screen component

Description

Validation

Displays options for validating the certificate.

Certificate validation

Enables or disables checking for certificate validity. When disabled, the appliance does not perform trust checks for any HTTPS communications.

When enabled, certificate trust checking is performed. Self-signed certificates must be present in the trust store and CA-signed certificates must have their CA root and any intermediates present in the trust store.

Select the option Check for expiration of self-signed certificates if you want to perform expiration checks for self-signed certificates. See About certificate validation for details.

Certificate revocation list (using CRLs)

Enables or disables validation of revoked certificates by checking certificates against already uploaded CRLs.

Certificate revocation checks are enabled by default. However, if a matching CRL has not been imported for a CA-issued certificate, or if a CRL has expired, the appliance bypasses the revocation check for the associated certificate when performing an HTTPS connection. If you want to restrict (or relax) revocation checking, use the options below on the edit screen.

  • Skip revocation checks when CRL is not available

    This option controls whether HPE OneView treats a missing CRL as an error during certificate validation. By default, this option is enabled and HPE OneView performs overall certificate validation with the exception of revocation checking.

  • Allow expired CRLs

    This setting controls how HPE OneView treats expired CRLs. When enabled, HPE OneView accepts an expired CRL and continues to perform revocation checks against it. To post alerts that remind the administrator to update an expired CRL, see Notify missing or expired CRLs.

  • Notify missing or expired CRLs

    When enabled, alerts are displayed when there is no CRL uploaded for a CA, a CRL is about to expire, or a CRL has already expired.
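An added example (not HPE OneView code) of an out-of-band audit for the three conditions that Notify missing or expired CRLs reports; two of them, a missing CRL and an expired CRL, are the cases in which the revocation check is bypassed by default. It parses constructed `openssl crl -noout -issuer -nextupdate` output, and the CA names, dates, and 30-day warning window are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: `openssl crl -noout -issuer -nextupdate` output for each
# CRL uploaded to the appliance. CA names and dates are invented.
CRL_OUTPUT = """\
issuer=CN = Example Root CA
nextUpdate=Jan 10 00:00:00 2025 GMT
issuer=CN = Example Issuing CA 1
nextUpdate=Mar  5 00:00:00 2025 GMT
issuer=CN = Example Issuing CA 2
nextUpdate=Dec  1 00:00:00 2025 GMT
"""
# Constructed list of CA subjects present in the appliance trust store.
TRUSTED_CAS = ["CN = Example Root CA", "CN = Example Issuing CA 1",
               "CN = Example Issuing CA 2", "CN = Example Issuing CA 3"]
WARN_WINDOW = timedelta(days=30)  # assumed threshold; the page states none

def parse_crls(text):
    """Map each CRL issuer to its nextUpdate time (UTC)."""
    crls, issuer = {}, None
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key == "issuer":
            issuer = value.strip()
        elif key == "nextUpdate" and issuer:
            when = datetime.strptime(value.strip(), "%b %d %H:%M:%S %Y GMT")
            crls[issuer] = when.replace(tzinfo=timezone.utc)
            issuer = None
    return crls

def crl_status(trusted_cas, crls, now):
    """Classify every trusted CA as missing, expired, expiring or ok."""
    report = {}
    for ca in trusted_cas:
        next_update = crls.get(ca)
        if next_update is None:
            report[ca] = "missing"    # no CRL uploaded for this CA
        elif next_update <= now:
            report[ca] = "expired"    # CRL is past its nextUpdate
        elif next_update - now <= WARN_WINDOW:
            report[ca] = "expiring"   # CRL is about to expire
        else:
            report[ca] = "ok"
    return report

if __name__ == "__main__":
    now = datetime(2025, 2, 15, tzinfo=timezone.utc)  # fixed for repeatability
    for ca, state in crl_status(TRUSTED_CAS, parse_crls(CRL_OUTPUT), now).items():
        print(f"{state:9} {ca}")
```

The issuer string printed by `openssl` varies between OpenSSL versions, so the trust store list must use the same rendering for the match to work.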

Appliance certificate

Displays the appliance certificate information.

Cert common name (CN)

The certificate common name. For a self-signed certificate, this is the fully qualified hostname.

Issued by

The issuer of the certificate. For a self-signed certificate, this is the hostname of the appliance.

Valid from

The date and time when the certificate became valid.

Valid until

The date and time when the certificate will cease to be valid.

Serial number

The serial number of the certificate.

Version

The version number of the certificate.

SHA1 fingerprint

The public key hash using the SHA1 (Secure Hash Algorithm) cryptographic hash function.

SHA256 fingerprint

The public key hash using the SHA256 (Secure Hash Algorithm) cryptographic hash function.

SHA384 fingerprint

The public key hash using the SHA384 (Secure Hash Algorithm) cryptographic hash function.

Required information

Displays the required information that was entered for the certificate

Country (C)

The country where you are located

State or province (ST)

The state or province where you are located

City or locality (L)

The city, town, or village where you are located

Organization name (O)

The name of your organization

Optional information

Displays the optional information that was entered for the certificate. Some fields might be empty.

Organizational unit

For example, the name of your department

Alternative name

The alternative name of the appliance

Contact person

The name of the person to contact

Email address

The email address of the contact person

Surname

The contact person's family name

Given name

The contact person's first name

Initials

The contact person's initials

DN qualifier

The distinguished name qualifier, which further identifies the certificate recipient

Certificate signing request attributes

Displays attributes defined by the certificate authority

Unstructured name

Defined by the certificate authority

For information on managing certificates, see Manage certificates.

For information on creating a self-signed certificate, see Create a self-signed certificate.

For information on creating a certificate signing request for a certificate authority, see Create a certificate signing request.

For information on importing a certificate, see Import a certificate.