Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor I
Posts: 9
Registered: ‎05-20-2015

How do I generate a CSR from an Virtual Controller?

[ Edited ]

I have a couple IAP-105s, and I am using the Virtual controller. I want to use WPA2-Enterprise with local authentication and wish to replace the self signed cert. How do I generate a CSR to send to a CA?

 

I can't find an option in the Web-UI.

 

Thanks

Justin

 

Guru Elite
Posts: 20,993
Registered: ‎03-29-2007

Re: How do I generate a CSR from an Virtual Controller?

[ Edited ]

There is no facility to generate a CSR.  Unfortunately, you need to do this outside of instant.  

 

After you get the certificate from the CA, you need to ensure it is in .pem format and upload it to instant.

 

EDIT:

 

Most CA have tools to generate a CSR and sign the certificate.

 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎05-20-2015

Re: How do I generate a CSR from an Virtual Controller?

Ok. Thanks. I can Generate a CSR outside , what would you use for a common name?

instant.arubanetworks.com?

 

Thanks

Justin

 

Guru Elite
Posts: 20,993
Registered: ‎03-29-2007

Re: How do I generate a CSR from an Virtual Controller?

I guess the question is, what are you using it for, Web, 802.1x?  If you are using it for 802.1x the fqdn does not really matter; it would specificially matter if your clients are being configured to only trust that host.  If you are using it for Captive Portal, it needs to be chosen carefully.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎05-20-2015

Re: How do I generate a CSR from an Virtual Controller?

I just want it to not error for my clients when they connect to the Wifi network. We are not doing a captive portal.

 

I have a test certifiate from Thawte that I can put in a single text file. Certificate, Intermediate, and root CA. I save it as a .PEM file but I get a pass phrase error. I have tried CSRs with and without pass phrases. Same error each time.

 

Thanks

Justin

 

Guru Elite
Posts: 20,993
Registered: ‎03-29-2007

Re: How do I generate a CSR from an Virtual Controller?

Honestly, the certificate should go on your radius server doing the 802.1x authentication, not your IAPs.  Uploading 802.1x certificates on IAP requires, termination, which few people do.  Upload it once to your server and you should be done.  

 

Whether or not your clients get an error will depend on if that OS has that CA in their trusted list.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎05-20-2015

Re: How do I generate a CSR from an Virtual Controller?

I should have mentioned I am just using the internal user database. 

 

Justin

 

 

Guru Elite
Posts: 20,993
Registered: ‎03-29-2007

Re: How do I generate a CSR from an Virtual Controller?

Then you will need to upload to the IAP, yes.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎05-20-2015

Re: How do I generate a CSR from an Virtual Controller?

I have a file like this:

 

-----BEGIN CERTIFICATE-----
<cert here>
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
<intermediate cert here>
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
<CA root cert here>
-----END CERTIFICATE-----

 

I try to upload it and I get a passphrase error. I have tried CSRs with and without passphrases.

 

Justin

 

 

 

Guru Elite
Posts: 20,993
Registered: ‎03-29-2007

Re: How do I generate a CSR from an Virtual Controller?

You should only need the server and intermediate cert.  Try it without the CA cert at the bottom.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: