Establishing trust between a web browser and HPE OneView
When you log in to an HPE OneView appliance, the browser might display security warnings that the appliance certificate is not present in the browser trust store. Depending on whether the appliance uses a self-signed certificate or a certificate authority (CA)-signed certificate, follow these steps to validate the certificate:
Self-signed certificate
The default certificate generated by the appliance is self-signed; it is not issued by a trusted certificate authority.
By default, browsers do not trust self-signed certificates because they lack prior knowledge of them. The browser displays a warning dialog box; you can use it to examine the content of the self-signed certificate before accepting it. Do not use a self-signed certificate without examining it before accepting it into your browser.
Hewlett Packard Enterprise recommends that you create a signed certificate for use with the appliance. However, if you choose to use a self-signed certificate, accept the certificate into all of the browsers that will be used to access the appliance. If PowerShell scripts use the HPE OneView REST API, extra code is required to work with a self-signed certificate, and that code leaves the scripts open to attackers using self-signed certificates.
It is important that you view the appliance certificate fingerprint using the HPE OneView Settings > Security > Certificate screen from the appliance console and validate that the fingerprint matches the one displayed by the browser when connecting to HPE OneView. If the fingerprints match, store the HPE OneView certificate in the browser trust store.
To view the appliance self-signed certificate without using HTTPS, use the hypervisor user interface to connect to the console interface.
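The fingerprint comparison described above can also be scripted. The following Python is an added example, not HPE code: it fetches the certificate the appliance presents, hashes it, and compares the result with the fingerprint read from the appliance console. The function names are hypothetical, the code assumes the console shows a SHA-1 or SHA-256 fingerprint in hex, and the sample bytes are constructed.

```python
import hashlib
import hmac
import socket
import ssl

# Hex digest length -> hash algorithm (assumption: console shows SHA-1 or SHA-256).
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}


def normalize_fingerprint(text):
    """Strip separators and case so 'AB:CD' and 'abcd' style values compare equal."""
    cleaned = "".join(ch for ch in text if ch not in ": -\t\r\n").lower()
    is_hex = all(c in "0123456789abcdef" for c in cleaned)
    if len(cleaned) not in ALGO_BY_HEX_LEN or not is_hex:
        raise ValueError("not a SHA-1 or SHA-256 hex fingerprint")
    return cleaned


def fingerprint_matches(der_cert, expected):
    """Hash the DER certificate with the algorithm implied by `expected`."""
    want = normalize_fingerprint(expected)
    got = hashlib.new(ALGO_BY_HEX_LEN[len(want)], der_cert).hexdigest()
    return hmac.compare_digest(got, want)


def fetch_der_certificate(host, port=443, timeout=10):
    """Fetch the presented certificate without trusting it (comparison only)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # no data is sent; the certificate is only read
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verify_appliance(host, console_fingerprint):
    """True only if the certificate served over HTTPS matches the console value."""
    return fingerprint_matches(fetch_der_certificate(host), console_fingerprint)


if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate: runs offline.
    sample_der = b"constructed-sample-der-bytes"
    digest = hashlib.sha256(sample_der).hexdigest().upper()
    console_value = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    print(fingerprint_matches(sample_der, console_value))
    print(fingerprint_matches(sample_der + b"x", console_value))
```

Call verify_appliance with the appliance host name and the fingerprint copied from the console; a False result means the certificate served over HTTPS is not the one the appliance generated and must not be stored in a trust store.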
CA-signed certificate
Add the CA root and any appropriate intermediates that have signed the HPE OneView certificate to the browser trust store.
HPE OneView requires that the root and any intermediate certificates that form the full chain of the appliance CA-signed certificate are also imported into HPE OneView when the CA-signed appliance certificate is imported to the appliance.