Mode switch to FIPS or CNSA fails after upgrade


Cryptography mode switch to FIPS-140-2 or CNSA mode fails on an appliance which has been upgraded from HPE OneView version 2.3 to version 4.0.


The upgraded HPE OneView 4.0 version might be using an SHA1 Certificate Authority-signed certificate carried forward from HPE OneView version 2.3, which is not compliant with the FIPS-140-2 or CNSA mode.

Import an external Certificate Authority-signed certificate with an SHA256 algorithm before attempting a mode switch to FIPS. If you are switching to the CNSA mode, import a certificate signed with a SHA384 algorithm, which is compliant with the CNSA mode.