Onboard Administrator Certificates

By default, the HPE Onboard Administrator (OA) generates self-signed certificates. These certificates do not contain the following:

Subject field with a fully qualified domain name, that is a common name (CN) field
Subject Alternate Name (SAN) field

The default certificate does not offer adequate security as you cannot bind the certificate to a specific device identity of HPE OneView. Instead, you must opt to use the PKI CA-signed certificates, or, if self-signed must be used, create a new OA self-signed certificate and manually specify the following:

A fully qualified domain name (FQDN) for the CN field of the certificates.
The same FQDN in addition to the IP addresses of the OA in the Subject Alternative Name field. Make sure to include all the valid OA IPs that are used in your management environment (IPv4, IPv6 and IPv6 link local).
The Onboard Administrator online help provides details on how to properly specify the values for the SAN field.