Mode switch to FIPS or CNSA fails after upgrade

Symptom

Cryptography mode switch to FIPS-140-2 or CNSA mode fails on an appliance which has been upgraded from HPE OneView version 2.3 to version 4.0.

Cause

The upgraded HPE OneView 4.0 version might be using an SHA1 Certificate Authority-signed certificate carried forward from HPE OneView version 2.3, which is not compliant with the FIPS-140-2 or CNSA mode.

Action
Import an external Certificate Authority-signed certificate with an SHA256 algorithm before attempting a mode switch to FIPS. If you are switching to the CNSA mode, import a certificate signed with a SHA384 algorithm, which is compliant with the CNSA mode.