Mode switch to FIPS or CNSA fails after upgrade

Symptom

Cryptography mode switch to Federal Information Processing Standard (FIPS)-140-2 or Commercial National Security Algorithm (CNSA) mode fails on an appliance which has been upgraded from HPE OneView version 2.3 to version 4.0.

Cause

The upgraded HPE OneView 4.0 version might be using an SHA-1 Certificate Authority (CA)-signed certificate carried forward from HPE OneView version 2.3, which is not compliant with the FIPS-140-2 or CNSA mode.

Action
Import an external CA-signed certificate with an SHA-256 algorithm before attempting a mode switch to FIPS. If you are switching to the CNSA mode, import a certificate signed with a SHA-384 algorithm, which is compliant with the CNSA mode.