How do I install a certificate for 802.1x termination?

Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS versions.

 

Release 3.x provides a few more certificate options, which will be described in this article. In release 2.x, there was on one certificate that was used for both local termination and captive portal authentication. In the latest release, we have almost a full function certificate manager on the switch.

 

Application Notes

Use this article to determine which certificate should be uploaded to support various features: captive portal, WebUI authentication, local-termination, and local-termination with client verification.

 

ArubaOS/Hardware Support

The WebUI has three tabs: Upload, CSR, and Captive Portal Certificates. The tabs are not in a logical order, but this article attempts to present the topic in a normal workflow.

 

certificate_upload.jpg

 

To generate a server certificate for local termination, follow these steps:

 

1) Click the CSR tab and fill in the information to generate a request from a CA. The private key will be stored on the switch.

 

certificate_CSR.jpg

 

2) Click the Upload tab to install the signed certificate from the CA.

 

certificate_upload_tab.jpg

 

3) If there is a requirement to verify the client certificate, choose "Trusted CA" in the Certificate Type list to upload a certificate that was signed by the client CA.

 

certificate_upload_type.jpg

 

Release 3.1.x of the certificate manager provides a few more options that are beyond the scope of this article, but that are worth noting.

 

We can also validate SSH and WebUI session using a "public cert".

 

certificate_upload_public.jpg

 

If the customer wants to use their own certificate for SSL, they need to use OpenSSL to generate a CSR and upload a certificate with the enclosed guidelines. In release 3.1.x, the CSR tab cannot be used for the Captive Portal Certificate. In release 3.2.x, the CSR tab is used to request a SSL and a local-termination certificate.

 

certificate_upload_captive_portal.jpg

Version history
Revision #:
1 of 1
Last update:
‎07-01-2014 03:27 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: