Controller Based WLANs

Can we store certificates on a USB flash drive for RAP provisioning?
Question Can we store certificates on a USB flash drive for RAP provisioning?
Environment This article applies to all the controller model and Remote AP. The minimum OS version running on the controller should be 6.3.0.0.

 

Yes. AOS version 6.3.0.0 and above support storing RAP certificates on USB flash drives. Using this, RAP certificate is activated only when the USB containing the corresponding certificate is connected to the RAP. As soon as the USB drive is removed from the RAP, the certificate gets deactivated. If you remove the USB storage from an activated RAP, it drops the IPSec tunnel. It requires a power cycle to re-establish the tunnel irrespective of whether the USB with the certificate is again connected or not.
 
The certificate contains all the information that is required for creating the tunnel including the private key, RAP certificate with the chain of certificates and the trusted CA certificate. As of AOS version 6.3.0.0, there is a limit of three supported intermediate CAs and the common name (CN) for the RAP certificate must be the MAC address of the RAP in the colon format.
 
Note: This USB drive is purely a storage device and does not act as a 3G/4G modem.

Version history
Revision #:
1 of 1
Last update:
‎07-10-2014 01:21 PM
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.