How to use Two diff certificate on a master and Standby controller for 802.1x Authentication

Aruba Employee

How to use Two diff certificate on a master and Standby controller for 802.1x Authentication
 
Usually, we create and upload separate certificates for master and the standby controllers so that the 802.1x clients can be served by the standby controller in case the master goes down. Both controller needs to have individual certificates mapped in the 802.1x profile controllers for authentication purpose.

However, majority of the configuration on the standby controller is pushed from the master including certificate mapping in the 802.1x profile. We cannot map a different certificate from the backup controller’s WebUI or CLI (the fields will be greyed out). As a result, if certificates on the master and the backup are with different names, master would not have the certificate that needs to be mapped on the backup controller.

Here is an Example

==============

We have certificates with different names for master and backup controller-

Certificate name for master controller -  MasterCertificate.DER
Certificate name for standby controller – BackupCertificate.DER

Now, since the certificate needs to be mapped to the 802.1x profile only through the master controller (the same config gets pushed to the standby controller), we can map only one certificate name in the 802.1x profile for both master and the backup controller.

However, as we have a certificate with different name uploaded on the backup controller, this certificate will not be used for 802.1x authentication on the backup controller.

In order to use the certificate on backup controller (BackupCertificate.DER), we would need to upload it with the same certificate name as that on the master controller (MasterCertificate.DER).

Rename the backup certificate’s name to match to the master certificate’s name and upload it on the standby controller.

How to use Two diff certificate on a master and Standby controller for 802.1x Authentication
 
Usually, we create and upload separate certificates for master and the standby controllers so that the 802.1x clients can be served by the standby controller in case the master goes down. Both controller needs to have individual certificates mapped in the 802.1x profile controllers for authentication purpose.

However, majority of the configuration on the standby controller is pushed from the master including certificate mapping in the 802.1x profile. We cannot map a different certificate from the backup controller’s WebUI or CLI (the fields will be greyed out). As a result, if certificates on the master and the backup are with different names, master would not have the certificate that needs to be mapped on the backup controller.

Here is an Example

==============

We have certificates with different names for master and backup controller-

Certificate name for master controller -  MasterCertificate.DER
Certificate name for standby controller – BackupCertificate.DER

Now, since the certificate needs to be mapped to the 802.1x profile only through the master controller (the same config gets pushed to the standby controller), we can map only one certificate name in the 802.1x profile for both master and the backup controller.

However, as we have a certificate with different name uploaded on the backup controller, this certificate will not be used for 802.1x authentication on the backup controller.

In order to use the certificate on backup controller (BackupCertificate.DER), we would need to upload it with the same certificate name as that on the master controller (MasterCertificate.DER).

Rename the backup certificate’s name to match to the master certificate’s name and upload it on the standby controller.

Version history
Revision #:
1 of 1
Last update:
‎04-07-2015 01:45 PM
Updated by:
 
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: