Controller Based WLANs

How to install a Custom Certificate On an Aruba Controller from CLI?
Requirement:

The Aruba controllers should be running Minimum AOS: 6.1.x or above



Solution:

Below Steps helps us to install a custom certificate on Aruba controller from the Command Line Interface(CLI).

Step 1:

Copy the respective certificate from the local system to the flash of the Controller

Step 2:

Import the Certificate in the Flash

Step 3:

Install the Certificate



Configuration:

Step 1:

Syntax:

(Aruba) #copy tftp: <ip address> <Source File Name> flash: <Destination Filename>

Example:

(Aruba) #copy tftp: 10.1.1.22 ManiServerCert.pem flash: ManiServerCert.pem

Step 2:

Syntax:

(Aruba) #crypto pki-import <Cert format> <certificate type> <Name of the Cert> <Filename of the cert imported>

Certificate Format:

der                     Import certificate in DER format
pem                     Import certificate in x509 PEM format
pfx                     Import certificate in PKCS12 aka PFX format
pkcs12                  Import certificate in PKCS12 format.
pkcs7                   Import certificate in PKCS7 format.

Certificate Type:

CRL                     Import a Certificate Revocation List
IntermediateCA          Import a intermediate CA certificate
OCSPResponderCert       Import a OCSP Responder certificate
OCSPSignerCert          Import a OCSP Signer certificate
PublicCert              Import a public certificate
ServerCert              Import a server certificate
TrustedCA               Import a trusted CA certificate

Example:

(Aruba) #crypto pki-import pem serverCert RadiusServerCert ManiServerCert.pem

Step 3:

Syntax:

(Aruba) #crypto-local pki <Cert Type> <Name of the Cert> <Filename of the cert imported>

Certificate Type:

CRL                     Configure a Certificate Revocation List
IntermediateCA          Configure an intermediate CA certificate
OCSPResponderCert       Configure a OCSP Responder certificate
OCSPSignerCert          Configure a OCSP Signer certificate
PublicCert              Configure a public certificate
ServerCert              Configure a server certificate
TrustedCA               Configure a trusted CA certificate
global-ocsp-signer-cert Configure the global OCSP signer cert to sign OCSP responses
rcp                     Configure revocation check point
service-ocsp-responder  Enable/Disable OCSP Responder service

Example:

(Aruba) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z

(Aruba7030) (config) #crypto-local pki serverCert RadiusServerCert ManiServerCert.pem


Verification

 

(Aruba) #show crypto-local pki <Cert Type>

Cert Type:

CRL                     Show Certificate Revocation List
IntermediateCA          Show an intermediate CA certificate
OCSPResponderCert       Show a OCSP Responder certificate
OCSPSignerCert          Show a OCSP Signer certificate
PublicCert              Show a public certificate
ServerCert              Show a server certificate
TrustedCA               Show a trusted CA certificate
crl-stats               Show  CRL requests stats
ocsp-client-stats       Show  OCSP client stats
rcp                     Show revocation check point
service-ocsp-responder  Show OCSP Responder service status

Example:

(Aruba) #show crypto-local pki serverCert

Certificates
------------
Name            Original Filename  Reference Count  Expired
--------------  -----------------  ---------------  -------
RadiusServerCert ManiServerCert.pem        0            No
Version History
Revision #:
1 of 1
Last update:
2 weeks ago
Updated by:
 
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.