2 self-signed certificate, 1 verifying a certificate – HP OneView User Manual

3.10.2 Self-signed certificate

The default certificate generated by the appliance is self-signed; it is not issued by a trusted certificate
authority.

By default, browsers do not trust self-signed certificates because they lack prior knowledge of them.
The browser displays a warning dialog box; you can use it to examine the content of the self-signed
certificate before accepting it.

3.10.2.1 Verifying a certificate

You can verify the authenticity of the certificate by viewing it with your browser.

After logging in to the appliance, choose Settings

→Security to view the certificate. Make note of

these attributes for comparison:

•

Fingerprints (especially)

•

Names

•

Serial number

•

Validity dates

Compare this information to the certificate displayed by the browser, that is, when browsing from
outside the appliance.

3.10.2.2 Downloading and importing a self-signed certificate

The advantage of downloading and importing a self-signed certificate is to circumvent the browser
warning.

In a secure environment, it is never appropriate to download and import a self-signed certificate,
unless you have validated the certificate and know and trust the specific appliance.

In a lower security environment, it might be acceptable to download and import the appliance
certificate if you know and trust the certificate originator. However, HP does not recommend this
practice.

Microsoft Internet Explorer and Google Chrome share a common certificate store. A certificate
downloaded with Internet Explorer can be imported with Google Chrome as well as Internet
Explorer. Likewise, a certificate downloaded with Google Chrome can also be imported by both
browsers. Mozilla Firefox has its own certificate store, and must be downloaded and imported
with that browser only.

The procedures for downloading and importing a self-signed certificate differ with each browser.

Downloading a self-signed certificate with Microsoft Internet Explorer 9

1.

Click in the Certificate error area.

2.

Click View certificate.

3.

Click the Details tab.

4.

Verify the certificate.

5.

Select Copy to File...

6.

Use the Certificate Export Wizard to save the certificate as Base-64 encoded X.509 file.

Importing a self-signed certificate with Microsoft Internet Explorer 9

1.

Select Tools

→Internet Options.

2.

Click the Content tab.

3.

Click Certificates.

4.

Click Import.

5.

Use the Certificate Import Wizard.
a.

When it prompts you for the certificate store, select Place….

b.

Select the Trusted Root Certification Authorities store.

3.10 Managing certificates from a browser

51