Controller Based WLANs

Custom Certificate Support on RAP

Aruba Employee
Q:

What is Customer Support Certificate on RAP?  What are the procedures to be followed while naming and uploading the certificate in USB?



A:

Customer Support Certificate is a new feature introduced in AOS for Customized certificate based Authentication of RAP from AOS 6.3.

  1. In 6.3, Administrator can provision to configure RAP with custom certificates (new feature introduced).
  2. RAP supports AES-GCM algorithm and custom RSA certificates for authentication.
  3. RAP supports Chained Certificates upto one level.
  4. RAPs can be provisioned with Custom Certificate in two ways
    1.  Uploading certificates (RSA/ECDSA) from LD Page
    2. Copying Certificate(RSA/ECDSA) to USB stick
  5. Uploading Certificates through LD Page
    1.    User can upload certificates either generating CSR and get it signed by CA or uploading directly PCKS12 bundle certificate
    2.    RAP supports DER,PEM  and PKCS12 formats for uploading certificates
    3.    User can import the certificate with/without pkcs12 passphrase while uploading PKCS12 bundle certificate
  6. Configuration for USB certificate Store
    1.   Copy PKCS12 certificate bundle to USB stick
    2.   Ensure certificate file name should start with that particular RAP’s MAC address
    3.   Example:
    4.   If RAP’s eth0 MAC address is 00:0b:86:c2:00:6c, then the file name as 000B86C2006C.p12 or 000B86C2006C_rap155.p12
    5.   If user unplug the USB stick then RAP will be down
    6.   User needs to reboot the RAP if he/she unplug and plug USB stick from RAP to come up again with custom certificate

 

Version history
Revision #:
13 of 13
Last update:
‎04-02-2015 03:19 PM
Updated by:
 
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.