ArubaOS and Controllers

Reply
Contributor I

Unable to upload the ceritificate getting error

Please go throuhg the attachment. When we encountered the ceritificate error, lately we purchased the ceritificate from a third party but am not able to upload teh certificate. I get teh followign error

"Error Uploading Certificate:
Certificate does not have the basicConstraints extension CA flag set.
"

Re: Unable to upload the ceritificate getting error

What sort of a certificate are you trying to upload?

 

The error suggests you're trying to upload a server certicate, but as a trusted CA? If that's the case that won't work. You need to change the cert type to server.

 

Thanks.

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
Contributor I

Re: Unable to upload the ceritificate getting error

did you see the ceritificates that i loaded before this one. I have 3 files recieved from the ca. please tell me the type for each one. please help

Re: Unable to upload the ceritificate getting error

Yes, I looked at that. Without actually having the real cert files in front of me, I can't be 100%. I'm guessing what they are based on the filenames.

 

Based on this second screenshot you sent, the cert named "ARUBA-MASTER.AMIANTIT.COM" looks very much like a server certificate for the same domain. So, you should be trying to upload that as a server certificate I suspect.

 

The other two appear to be CAs (based on the name), so you could trying upload them as CAs.

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
Contributor I

Re: Unable to upload the ceritificate getting error

Now that i have uploaded the certificates, will i still get an error while users trying to connect to the SSID ? what settings that need to be corrected. i have the 802.1x terminations. How to resolve this issue on iphones

Re: Unable to upload the ceritificate getting error

Based on the screenshots you sent earlier, it looks like networksolutions are your certificate signer?

 

It is possible that the iphone doesn't trust your CA and/or any intermediates.

 

When troubleshooting this with certificates used for web-auth purposes, I've found the easiest resolution is to combine the CA (including any intermediates involved in the server cert signage) into one whole bundle. Then upload that as the server cert.

 

Generally, edit the server cert file, and attach all intermediate and CA certs after the server cert info. You can do it with a text editor. Then upload the whole thing again and try that?

Kudos appreciated, but I'm not hunting! (ACMX 104)
Contributor I

Re: Unable to upload the ceritificate getting error

can i do like this ?

 

-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIRAMzLdj1q5f2mH3+Im6hMgygwDQYJKoZIhvcNAQEFBQAw
WTELMAkGA1UEBhMCVVMxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5D
LjEnMCUGA1UEAxMeTmV0d29yayBTb2x1dGlvbnMgRFYgU2VydmVyIENBMB4XDTEz
MTEyNjAwMDAwMFoXDTE3MTEyNDIzNTk1OVowaTEhMB8GA1UECxMYRG9tYWluIENv
bnRyb2wgVmFsaWRhdGVkMSAwHgYDVQQLExduc1Byb3RlY3QgU2VjdXJlIFhwcmVz
czEiMCAGA1UEAxMZYXJ1YmEtbWFzdGVyLmFtaWFudGl0LmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANaaX6ICBM6Mg2Xe+ysOGyC6+pzDQ6WcmWjo
cE5omMCqf0txPl4p/2hIdQALGi47voXQJig6qle9MUO+r1egnNwyGqC9AwjQ44q2
2bQkAscFCmcExe1I2lVDadeTZJ1ppRuIU3AZ/omnHetV7s29o8lK6cX86oL7mVaJ
fyTbRcawI256pY2PH43FRzio1kptU7xAH21u6CkAf+TOkaLc0/nMe94te0ZIwTRM
7RcRart408MLRlY/bZQW6t3B1qD8NFMZYdE7lc39b7N/Ud+gMTGScF+NsBJ/yxjI
hXpDNCHu/p0g8yNWyCQYIW5W6ZsdMm5egEWIFWgLpE7ioMETLq8CAwEAAaOCAeQw
ggHgMB8GA1UdIwQYMBaAFFjYJZKkVVpu2aPRo3wMqgQhcS5gMB0GA1UdDgQWBBSv
A+OXw/+kb9SgkL/WgQLh/7elxTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw
ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0gBG4wbDBgBgwr
BgEEAYYOAQIBCQEwUDBOBggrBgEFBQcCARZCaHR0cDovL3d3dy5uZXR3b3Jrc29s
dXRpb25zLmNvbS9sZWdhbC9TU0wtbGVnYWwtcmVwb3NpdG9yeS1jcHMuanNwMAgG
BmeBDAECATBIBgNVHR8EQTA/MD2gO6A5hjdodHRwOi8vY3JsLm5ldHNvbHNzbC5j
b20vTmV0d29ya1NvbHV0aW9uc0RWU2VydmVyQ0EuY3JsMHoGCCsGAQUFBwEBBG4w
bDBDBggrBgEFBQcwAoY3aHR0cDovL3d3dy5uZXRzb2xzc2wuY29tL05ldHdvcmtT
b2x1dGlvbnNEVlNlcnZlckNBLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3Au
bmV0c29sc3NsLmNvbTAkBgNVHREEHTAbghlhcnViYS1tYXN0ZXIuYW1pYW50aXQu
Y29tMA0GCSqGSIb3DQEBBQUAA4IBAQAsWpfVLL7VxQjZpJMnvtijT2rUuCm3dq8h
lBybU0Tfw86YD1zStbVU28gYbH0R8YAxJxgX/Kq3u/gFN2YW/XVjgShJI8hvsWSZ
eRykLJYtArzW7NeGI64zk0F8nolLIgAQLOgRmHDp2/F1XbdZrGVobiB0UOZ5VwLW
asRUaUSRN0ifvX1mmwgmDYqa+7RFUXyfuYJ+1nkkNVqIxu8RT9TW4dv0+c2zy1TF
lB/cEoFoTjFLeGXhc7Ixd3eR5uYqSGY6ea+MAa36N3i4GX2MRMcq0STq5jFypCpG
4/Agv3lyLmz5eNKHCy+gIrvlKIOrGCNIpO1/B0700AgR8QAA6NHW
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIE0zCCA7ugAwIBAgIQSPxLCjcG/0b+095dTB7KYjANBgkqhkiG9w0BAQUFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTEwMTEyNjAwMDAwMFoXDTIwMDUzMDEwNDgzOFow
WTELMAkGA1UEBhMCVVMxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5D
LjEnMCUGA1UEAxMeTmV0d29yayBTb2x1dGlvbnMgRFYgU2VydmVyIENBMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1dmNdyQTnh0ZajarOjpYmVGymTw
0MOnQluM4Y4ABStT5BuEIrTfV7BAjxeSfjGXHvWt8ICZ25cwlTUNZEHfxLOCec28
luL9ACnFPr58CGy+/pCxFTkhhjRAvZyd+mrlKmhFDmjg6LAIZYQ2MZxG4U7LP1iD
82yONBmCUyYsjauSIl8FoT2brme0VsD5l3jAtZgVDK0Drf94jy8mfDrclACHw37C
tqiMCx0dD4y10PuTOjj2CP47jWZrRcZfsnvwFPmBdd4LS4PL7ne7nH6bnSfYkAad
z0s8K/q/AQrFbRxaYGiS+Q5D+/KIeJblU0tR9rHnbffG/0/XA3tz8mAKIQIDAQAB
o4IBfzCCAXswHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0O
BBYEFFjYJZKkVVpu2aPRo3wMqgQhcS5gMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB
Af8ECDAGAQH/AgEAMBkGA1UdIAQSMBAwDgYMKwYBBAGGDgECAQkBMEQGA1UdHwQ9
MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy
bmFsQ0FSb290LmNybDCBswYIKwYBBQUHAQEEgaYwgaMwPwYIKwYBBQUHMAKGM2h0
dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LnA3
YzA5BggrBgEFBQcwAoYtaHR0cDovL2NydC51c2VydHJ1c3QuY29tL0FkZFRydXN0
VVROU0dDQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3Qu
Y29tMA0GCSqGSIb3DQEBBQUAA4IBAQAnlJ9+f/xzSPI4H7AFv3HcO6l+wxCGJS0U
7kSdSo3yszrFZvoCv9XwABZ3yXTXiMCxGHrzThMxcG9GcEHhGkI+ql9GGC2FDDu7
/s8C1s+u2xqTUnRsnvqy7q8vfQdCF30x5Wo2KCv91HLx/rnF9/ByYeCdvMrrRQu4
aAkBG01zf9/mk7od/Gsos2Qwu9A6qjVrC4NhaNcyWkneGtH8bYug3Pp6pJJ/dOIN
kqCeuEYcYmOwuAjE/bC0nyQJsy2cdRR3Sm7EY8FNE4bOmHIdPbnGTnMw5MZzotH3
kOSQzOE6N9ZTAl9FLS+mT0lB6t+PL5ccdtt4QGPL5NXXUzgOERA4
-----END CERTIFICATE-----

Contributor I

Re: Unable to upload the ceritificate getting error

can i save this as one file and upload it ?

Contributor I

Re: Unable to upload the ceritificate getting error

I am not able to save this file as a crt file. and do i have to upload using the cli or the web gui?

Re: Unable to upload the ceritificate getting error

You can upload the certificate either way. I normally do it by the GUI.

 

Did you generate the CSR used for this certificate from the controller GUI?

 

Then, in what format did you download this output certificate data/chain parts?

 

It looks to me like it might be corrupt?

 

Obviously I don't have the private keys for it, so I can't be 100% sure for the main cert, but I can't even get the intermediates and/or root lower down to decrypt correctly. This suggests the data is corrupt, or it's in a strange format.

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: