Certificate authority or public key infrastructure-based trust
The certificate authority (CA) or public key infrastructure-based trust approach assumes that the organization has an established public key infrastructure (PKI). A PKI is the set of roles, policies, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and to manage public-key encryption.
Upload any CA-issued root and intermediate certificates required by the PKI of an organization into HPE OneView. These certificates form the root of trust for all certificates issued by a CA. The administrator must also upload any applicable Certificate Revocation Lists (CRL) along with the CA root and intermediate certificates.
Securely connect to each of the remote devices. This is typically accomplished by connecting to the device before it is connected to the management LAN (for example, when the device is isolated on a private network segment).
Obtain a certificate signing request (CSR) for each device.
For information on the support for various devices, see the HPE OneView Support Matrix.
Get the CSRs signed by the certificate authority.
Upload the resultant certificate to each device.
All communications between HPE OneView and the device are now secure due to the common root of trust. Typically, the CA-signed leaf certificate for a device does not need to be added to the HPE OneView trust store. The root and any intermediate certificates are all that is required to validate trust for the device. However, if a discovered device uses CA-signed certificates and communications with the device occur before the user adds the CA root certificate and appropriate intermediate certificates to the HPE OneView trust store, the CA-signed leaf certificate for the device is automatically added to the trust store and is treated as a self-signed certificate.
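The chain-of-trust behavior described above can be reproduced in a lab with the OpenSSL command line. This is an added example, not HPE OneView code or an HPE procedure. It builds a constructed root CA, issuing CA and device certificate, then checks the device certificate against two PEM bundles that stand in for a trust store. Assumptions: all subject names and file names are made up, and the device presents only its leaf certificate.

```bash
#!/usr/bin/env bash
# Constructed lab PKI; every subject name and file name here is made up for this example.
set -eu

make_lab_pki() {   # $1 = empty working directory
  (
    cd "$1"
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:device01.example.test
EOF
    # Root CA (self-signed) and issuing (intermediate) CA signed by the root.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem \
      -days 30 -subj "/CN=Example Lab Root CA" -config pki.cnf -extensions v3_ca
    openssl req -new -newkey rsa:2048 -nodes -keyout int.key -out int.csr \
      -subj "/CN=Example Lab Issuing CA" -config pki.cnf
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -out int.pem -days 30 -extfile pki.cnf -extensions v3_ca
    # Stand-in for the CSR a device would produce, then signed by the issuing CA.
    openssl req -new -newkey rsa:2048 -nodes -keyout dev.key -out dev.csr \
      -subj "/CN=device01.example.test" -config pki.cnf
    openssl x509 -req -in dev.csr -CA int.pem -CAkey int.key -CAcreateserial \
      -out dev.pem -days 30 -extfile pki.cnf -extensions v3_leaf
    # Two candidate trust stores; neither contains the device's leaf certificate.
    cat root.pem int.pem > store-full.pem
    cp root.pem store-root-only.pem
  ) >/dev/null 2>&1
}

# Succeeds only if the device certificate chains to a CA in the given trust store.
verify_device() {   # $1 = directory, $2 = trust store file name
  openssl verify -CAfile "$1/$2" "$1/dev.pem" 2>&1 | grep -q "dev.pem: OK"
}

lab=$(mktemp -d)
make_lab_pki "$lab"
verify_device "$lab" store-full.pem && echo "root + intermediate: device trusted"
verify_device "$lab" store-root-only.pem || echo "intermediate missing: device not trusted"
```

The first check passes with no leaf certificate in the store, and the second fails because the issuing CA is absent from it.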