Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
Release 3.x provides a few more certificate options, which will be described in this article. In release 2.x, there was on one certificate that was used for both local termination and captive portal authentication. In the latest release, we have almost a full function certificate manager on the switch.
Use this article to determine which certificate should be uploaded to support various features: captive portal, WebUI authentication, local-termination, and local-termination with client verification.
The WebUI has three tabs: Upload, CSR, and Captive Portal Certificates. The tabs are not in a logical order, but this article attempts to present the topic in a normal workflow.
To generate a server certificate for local termination, follow these steps:
1) Click the CSR tab and fill in the information to generate a request from a CA. The private key will be stored on the switch.
2) Click the Upload tab to install the signed certificate from the CA.
3) If there is a requirement to verify the client certificate, choose "Trusted CA" in the Certificate Type list to upload a certificate that was signed by the client CA.
Release 3.1.x of the certificate manager provides a few more options that are beyond the scope of this article, but that are worth noting.
We can also validate SSH and WebUI session using a "public cert".
If the customer wants to use their own certificate for SSL, they need to use OpenSSL to generate a CSR and upload a certificate with the enclosed guidelines. In release 3.1.x, the CSR tab cannot be used for the Captive Portal Certificate. In release 3.2.x, the CSR tab is used to request a SSL and a local-termination certificate.