Manage certificates

Use the Actions > Manage certificate action from the main menu to see trusted CA certificates in the appliance. You can filter certificates based on status, edit a certificate, delete a certificate, add a certificate, and search certificates. You can search on certificates using name, state, or expiration date. Only the first 100 certificates are shown in the search result.

Screen component

Description

Status
The status icon near a certificate indicates the validity of the certificate:
  • Green: Indicates that a certificate is valid.

  • Yellow: Indicates that a certificate is in Warning state, for example, that the certificate is about to expire within 60 days.

  • Red: Indicates that a certificate is in Critical state, for example in an expired or in a revoked state.

Name

Displays the alias name that was used to store the certificate.

State

Displays the current state of the certificate.

Expiration

Displays the expiration date of the certificate.

Update

Updates the search criteria if any of the values of the certificate change. The update action does not modify or update any certificate.

Add certificates

Displays option to add certificates to be trusted by Image Streamer.

Paste certificate provides an option to add a CA (root or intermediate) certificate or self-signed certificate to the Image Streamer trust store by pasting the Base64-encoded certificate or chain of certificates.

Add certificate from an IP address or hostname provides an option to fetch the certificate or certificate chain by connecting to the IP address or port. This is a preferred option if a managed device is available on the network to fetch a certificate. You can enter the hostname, IPv4 or IPv6 address, and an optional port number. If you do not specify a port number, 443 is used, by default.

Force trust leaf certificate enables or disables trusting of the CA-signed leaf certificate into appliance trust store. If enabled, the appliance ignores root and intermediate certificates in the specified certificate chain. This certificate is treated similar to a self-signed certificate if the signing CA certificate is not present in the appliance.

Validate certificate validates the certificate, and optionally provides an alias name to easily identify the certificate before adding the certificate to the trust store.

Edit

Displays option to upload a CRL and associate it with a root or an intermediate CA certificate.

Delete
Displays option to delete a certificate. Once you delete a CA certificate, all certificates issued by the CA become untrusted.
NOTE:

If HPE OneView was communicating with Image Streamer that had a leaf-level certificate or a CA-signed certificate, HPE OneView cannot establish a secure connection with Image Streamer after the certificate is deleted.