Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor I
Posts: 8
Registered: ‎11-07-2016

Virtual Controller Captive Portal SSL Certificate Options

Hi eveyrone, I am new to SSL Certifications with Aruba and particularly with the Captive Portal.  My customer's Default SSL Cert has expired and we are looking at either a Self Signed Cert or a Cert from a CA.  My first question is they my customer has generated a CSR from www.getcert.com.   They know have 4 files

1. Private key : guestaccess.com-2016-12-22-120739.pkey
2. Certificate request (.csr): guestaccess.com-2016-12-22-120739.csr
3. Public key(.cer) : guestaccess.com-2016-12-22-120739.cer
4. Entire certificate (pkcs12) : guestaccess.com-2016-12-22-120739.p12.

 

From here I am a little confused as what to do if they just want to import a self signed certificate to the Virtual Controller.   Do i need to combine the private key and the public key?  one instruction i read is to rename the .p12 file to .pem and import it.   Any suggestions would be extremely helpful.   They still may go the more secure route with a public cert but I want to cover both options. 

Guru Elite
Posts: 7,853
Registered: ‎09-08-2010

Re: Virtual Controller Captive Portal SSL Certificate Options

Take a look at this:
https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/ta-p/275814

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor I
Posts: 8
Registered: ‎11-07-2016

Re: Virtual Controller Captive Portal SSL Certificate Options

Thanks yea i have read it several times.  It has a link on creating a CSR and using that combined with a Public Signed cert , but I have not been able to find instructions specifically to importing a Self-Signed Certificate and what to do after the CSR has been created.    I have 4 files but not sure which or what files to import and/or combine.  Hope that makes sense.  :)

Guru Elite
Posts: 7,853
Registered: ‎09-08-2010

Re: Virtual Controller Captive Portal SSL Certificate Options

There's a section towards the bottom that talks about combining the public and private keys with the CA cert.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor I
Posts: 8
Registered: ‎11-07-2016

Re: Virtual Controller Captive Portal SSL Certificate Options

Cool thanks, i did see that, however that is for the Public Cert which i understand a bit more about combining the private with a public.   I am more hung up on the Self Signed Cert... which unless I am mistaken, is what a CSR is.    The Aruba documentation says you can import a Public Cert from a CA or you can import a Self-Signed Cert using a CSR creator.   Is that correct?

Guru Elite
Posts: 7,853
Registered: ‎09-08-2010

Re: Virtual Controller Captive Portal SSL Certificate Options

CSR is used to to get a certificate from a certificate provider.

If you're using this cert for guest, you should acquire a public cert otherwise your users will receive a certificate error in their browser when logging in.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor I
Posts: 8
Registered: ‎11-07-2016

Re: Virtual Controller Captive Portal SSL Certificate Options

These are the instructions I received earlier from Aruba support

"Importing a self-signed certification:

You can follow the details given below for getting a SSL certificate loaded to IAP:
Access http://www.getacert.com/ and select “Generate self-signed Certificate”. Then complete your certificate details to create private key, certificate request and public key files.
2. Choose Next Page - Next Page - Submit self-signed Certificate and you will get a page thats says " Your self signed certificate page" and select "Entire certificate (pkcs12) ".
3. By default the key file will be in .cer extension. Rename this file such that it get converted to .pem. For example: arubacert.cer to arubacert.pem
4. Then you go ahead and upload the certificate in the IAP by going to the GUI access of the VC and clicking on " Maintenance-> certificate-> upload ceritifcate-> Captive portal"."

However step 1 and step 2 do not make sense. It says to select the Entire certificate (pkcs12) but this file has a .p12 extension not a .cer.

 

Anyway I prob have confused you more, I will revist this with Aruba Support.

Guru Elite
Posts: 7,853
Registered: ‎09-08-2010

Re: Virtual Controller Captive Portal SSL Certificate Options

Take the private key file and combine it with the public certificate file and save it with a .pem extension. You should be able to import that.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor I
Posts: 8
Registered: ‎11-07-2016

Re: Virtual Controller Captive Portal SSL Certificate Options

There ya go, appreciate it.  I will give it a go thank you

Search Airheads
Showing results for 
Search instead for 
Did you mean: