It’s been a while since I looked at the HPE OneView Appliance in my Lab.
Note: HPE_OneView_5.00.02_ESXi_Z7550-96801.ova used in this Lab.
I have a need to configure LDAP at a customer site so I thought I’d take a fresh look at this in my lab first and throw in replacing the default self-signed SSL certificate while I was at it.
First, for the LDAP. This is straightforward enough. About 10 – 15 minutes should cover it. Go to Settings and then Security.

Scroll down and click Add Directory.



Trust the Cert, Trust the Leaf, etc., as appropriate.

Now you should have something like the following:

Next, for permissions. We can try to add a user, but we only get a local user option; we can’t reference an AD user directly, only an AD Group.

This is the dialog to point to an AD Group:

You can browse to AD now and pick out the right group, which also proves the service account works.

There are a few roles – Infrastructure Administrator is the top level one with all permissions.

That’s the one I chose

I’ve added in Domain Users here, but you’ll probably have a more suitable AD group to select.

I changed the default directory to lab.local here, and it is then the default on the logon page.

The log page is shown below. I’m testing with a different user here as my service account fails to log on, even though it’s in the same group, so be warned! The user1 account worked fine.

Now, for the Certificate.
There are two main steps – import your root / intermediate certs from your CA, then generate a CSR and import the signed certificate.
Go to Security and you see where it states Manage Certificates? This is where you import your CA root and intermediate certificates. It’s NOT for importing your OneView signed certificate! Click into Manage Certificates.






On the previous menu, click on Import appliance certificate and paste in the signed base-64 data.


The Server 2019 CA web server template I’d used to originally sign the CSR didn’t have the required attributes. I thought it was only missing the client authentication element but my screenshot below indicates it was worse than that. I duplicated the web server template, added in both elements and then published the new template so I could re-request and sign the CSR and paste in the required elements, then it worked.

The other issue was that I went straight to the OneView cert and didn’t import the root certificate first. That’s when I got the following error:

If you follow my steps above you’ll avoid this.
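A pre-import check for the two problems described above, as an added example that is not part of the original post: it confirms that the signed certificate chains to your CA bundle and that its Extended Key Usage lists client authentication (named above) and server authentication (an assumption of this example). The function names, file names, the oneview.lab.local subject and the throwaway demo CA are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). All names are placeholders.

# check_appliance_cert CERT CA_BUNDLE
# Returns 0 only if CERT chains to CA_BUNDLE (root plus any intermediates)
# and its Extended Key Usage lists both server and client authentication.
check_appliance_cert() {
  local cert="$1" ca_bundle="$2" eku usage rc=0
  if ! openssl verify -CAfile "$ca_bundle" "$cert" >/dev/null 2>&1; then
    echo "FAIL: $cert does not chain to $ca_bundle" >&2
    rc=1
  fi
  # The line after the "Extended Key Usage" header holds the usages.
  eku=$(openssl x509 -in "$cert" -noout -text |
        grep -A1 'Extended Key Usage' | tail -n1)
  for usage in 'TLS Web Server Authentication' 'TLS Web Client Authentication'; do
    case "$eku" in
      *"$usage"*) ;;
      *) echo "FAIL: $cert EKU lacks: $usage" >&2; rc=1 ;;
    esac
  done
  return "$rc"
}

# make_demo_pki DIR
# Constructed sample data: a throwaway CA plus two leaf certificates,
# web.pem (server authentication only) and both.pem (server and client).
make_demo_pki() {
  local dir="$1" name eku
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' '[dn]' \
    '[v3]' 'basicConstraints=critical,CA:TRUE' > "$dir/ca.cnf"
  openssl req -x509 -config "$dir/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj '/CN=Demo Lab Root CA' -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  for name in web both; do
    if [ "$name" = web ]; then eku=serverAuth; else eku=serverAuth,clientAuth; fi
    printf 'extendedKeyUsage=%s\n' "$eku" > "$dir/$name.ext"
    openssl req -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
      -subj '/CN=oneview.lab.local' -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
      -CAcreateserial -days 1 -extfile "$dir/$name.ext" -out "$dir/$name.pem" 2>/dev/null
  done
}

# Demo: the server-only certificate fails, the one with both usages passes.
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
check_appliance_cert "$demo_dir/web.pem" "$demo_dir/ca.pem" || echo "web.pem: not ready to import"
check_appliance_cert "$demo_dir/both.pem" "$demo_dir/ca.pem" && echo "both.pem: ready to import"
```

Against real files, call `check_appliance_cert` with the certificate returned by your CA and a PEM bundle of the root and intermediate certificates.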
That’s it – 2 minutes later and you’re running on a signed certificate for your OneView Appliance version 5.02. Hope this helps somebody!!