Controller-less WLANs

Certificate chain hierarchy recommended for Instant AP

Aruba Employee
Q:

How should certificate chaining be done for Instant AP?



A:

The certificate chain should be assembled in the following order:

-----BEGIN CERTIFICATE-----

Public signed Key

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

Intermediate Primary CA

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

Intermediate Secondary CA

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

Root CA

-----END CERTIFICATE-----

-----BEGIN PRIVATE KEY-----

Private Key

-----END PRIVATE KEY-----

 

If the certificate chain for the captive portal server is not uploaded in the above order, the WebUI becomes inaccessible, because the WebUI uses the same certificate that was uploaded for the captive portal server. The only way to recover is to clear the cp-cert from the CLI.

To clear the certificate from the CLI, use the command "clear-cert cp". Once the custom certificate is removed, the IAP uses the default self-signed certificate for the WebUI.
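
A pre-upload check for the bundle order described above, as an added example that is not Aruba's code: it confirms that the PEM blocks are certificates followed by one private key, and that each certificate's issuer name equals the subject name of the next certificate, ending in a self-issued root. It assumes each certificate is issued by the one listed after it and compares names only (no signature verification); sample_cert and KEY are constructed test data, not real certificates or keys.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.*?)\s*-----END \1-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    _, pos, _ = _tlv(der, 0)        # enter Certificate
    _, pos, end = _tlv(der, pos)    # enter tbsCertificate
    fields = []
    while pos < end:
        tag, _, nxt = _tlv(der, pos)
        if tag != 0xA0:             # skip the optional [0] version field
            fields.append(der[pos:nxt])
        pos = nxt
    return fields[2], fields[4]     # serial, sigAlg, issuer, validity, subject

def check_bundle(text):
    """Return a list of problems; an empty list means the order looks right."""
    blocks = PEM_RE.findall(text)
    if text.count("-----BEGIN ") != len(blocks):
        return ["malformed BEGIN/END marker"]
    labels = ",".join(label for label, _ in blocks)
    if not re.fullmatch(r"(CERTIFICATE,)+[A-Z ]*PRIVATE KEY", labels):
        return ["expected certificates first and one private key last"]
    names = [issuer_subject(base64.b64decode(b)) for _, b in blocks[:-1]]
    problems = [f"certificate {i + 1} is not issued by certificate {i + 2}"
                for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]
    if names[-1][0] != names[-1][1]:
        problems.append("last certificate is not a self-issued root")
    return problems

# Constructed sample data: DER skeletons holding only the fields read above.
def _der(tag, body):
    return bytes([tag, len(body)]) + body

def sample_cert(issuer, subject):
    name = lambda cn: _der(0x30, _der(0x0C, cn.encode()))
    tbs = (_der(0xA0, _der(2, b"\x02")) + _der(2, b"\x01") + _der(0x30, b"")
           + name(issuer) + _der(0x30, b"") + name(subject))
    body = base64.b64encode(_der(0x30, _der(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

KEY = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
```

Run check_bundle on the text of the combined file before uploading it; any returned message means the bundle should be reassembled first.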

Version history
Revision #:
2 of 2
Last update:
‎03-26-2017 01:46 AM