On June 29, 2011 the default SSL/TLS certificate “securelogin.arubanetworks.com” that is installed on all Aruba controllers will expire. While this default certificate was never intended for production use, Aruba is aware that a number of customers are using this certificate in production networks. These customers will need to replace the certificate.
Affected customers have two options:
1. Replace the default certificate with a certificate issued by an internal certificate authority or a public certificate authority. This option is recommended and provides the greatest security.
2. Upgrade the ArubaOS image to a version number equal to or greater than 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, or 126.96.36.199. These software images contain a new default certificate that will replace the expiring certificate. This option does not provide good security, since all Aruba customers have access to the same certificate and impersonation attacks are possible.