2 using a certificate authority – HP OneView User Manual


3.10.1.2 Downloading and importing a self-signed certificate

The advantage of downloading and importing a self-signed certificate is that it circumvents the
browser warning.

In a secure environment, it is never appropriate to download and import a self-signed certificate,
unless you have validated the certificate and know and trust the specific appliance.

In a lower security environment, it might be acceptable to download and import the appliance
certificate if you know and trust the certificate originator. However, HP does not recommend this
practice.

Microsoft Internet Explorer and Google Chrome share a common certificate store. A certificate
downloaded with Internet Explorer can be imported with Google Chrome as well as Internet
Explorer. Likewise, a certificate downloaded with Google Chrome can also be imported by both
browsers. Mozilla Firefox has its own certificate store, so a certificate for Firefox must be
downloaded and imported with that browser only.

The procedures for downloading and importing a self-signed certificate differ with each browser.

Downloading a self-signed certificate with Microsoft Internet Explorer 9

1. Click in the Certificate error area.
2. Click View certificate.
3. Click the Details tab.
4. Verify the certificate.
5. Select Copy to File...
6. Use the Certificate Export Wizard to save the certificate as a Base-64 encoded X.509 file.

Importing a self-signed certificate with Microsoft Internet Explorer 9

1. Select Tools → Internet Options.
2. Click the Content tab.
3. Click Certificates.
4. Click Import.
5. Use the Certificate Import Wizard.
   a. When it prompts you for the certificate store, select Place….
   b. Select the Trusted Root Certification Authorities store.
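
The "Verify the certificate" step can be done as a fingerprint comparison on the exported file before it is placed in the Trusted Root Certification Authorities store. The following Python sketch is an added example, not part of the HP manual or of OneView; it assumes you obtained the appliance certificate's SHA-256 fingerprint through a separate trusted channel, and the sample bytes, file names and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def der_from_export(data: bytes) -> bytes:
    """Return the DER bytes of a Base-64 (PEM) or binary DER export."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return data  # binary DER of a certificate contains non-ASCII bytes
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != 1:  # refuse empty files and bundles of several certs
        raise ValueError(f"expected one certificate, found {len(blocks)}")
    return base64.b64decode("".join(blocks[0].split()), validate=True)

def sha256_fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, as lowercase hex."""
    return hashlib.sha256(der_from_export(data)).hexdigest()

def normalise(fingerprint: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; reject anything else."""
    digits = re.sub(r"[\s:]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", digits):
        raise ValueError("not a SHA-256 fingerprint")
    return digits

def safe_to_import(exported: bytes, trusted_fingerprint: str) -> bool:
    """True only if the exported file matches the out-of-band fingerprint."""
    return hmac.compare_digest(sha256_fingerprint(exported),
                               normalise(trusted_fingerprint))

def to_pem(der: bytes) -> bytes:
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")

# Constructed stand-ins for DER bytes (not real certificates).
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed appliance certificate bytes"
OTHER_DER = b"\x30\x82\x01\x0a" + b"constructed substituted certificate bytes"
SAMPLE_PEM, OTHER_PEM = to_pem(SAMPLE_DER), to_pem(OTHER_DER)
# Constructed reference value, written the way fingerprints are usually shown.
_hex = hashlib.sha256(SAMPLE_DER).hexdigest().upper()
TRUSTED_FP = ":".join(_hex[i:i + 2] for i in range(0, 64, 2))

if __name__ == "__main__":
    for name, blob in (("appliance.cer", SAMPLE_PEM), ("other.cer", OTHER_PEM)):
        print(name, "import" if safe_to_import(blob, TRUSTED_FP) else "REJECT")
```

In practice, read the bytes of the file saved by the Certificate Export Wizard and pass them to `safe_to_import` together with the reference fingerprint; import the certificate only when it returns `True`.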

3.10.2 Using a certificate authority

Use a trusted CA (certificate authority) to simplify certificate trust management; the CA issues
certificates that you import. If the browser is configured to trust the CA, certificates signed by the
CA are also trusted. A CA can be internal (operated and maintained by your organization) or
external (operated and maintained by a third party).

You can import a certificate signed by a CA and use it instead of the self-signed certificate. The
overall steps are as follows:

1. You generate a CSR (certificate signing request).
2. You copy the CSR and submit it to the CA, as instructed by the CA.
3. The CA authenticates the requestor.
4. The CA sends the certificate to you, as stipulated by the CA.
5. You import the certificate.

For information on generating the CSR and importing the certificate, see the UI help.


Understanding the security features of the appliance
