Controller-less WLANs

How do I generate and sign a certificate using OpenSSL on Linux for the Aruba Instant AP?

Aruba Employee

Question:  How do I generate and sign a certificate using OpenSSL on Linux for the Aruba Instant AP?



Product and Software: This article applies to all Aruba Instant platforms and versions.


Install OpenSSL on CentOS or Fedora Linux Operating Systems

1. Install the CentOS or Fedora operating system.

2. In the terminal of CentOS or Fedora, issue the following commands to install OpenSSL:

yum install openssl

yum install openssl-devel

yum install openssl-perl

yum install gcc (optional)


Generate a Certificate in PEM Format Using the Built-in Perl Script

Issue the following commands from the /etc/pki/tls/misc directory. While issuing these commands, you will be asked questions about the country code, state, organization, etc. Answer these questions appropriately. You will also be requested for a PEM passphrase, which is used to protect the key.


1. Generate a Root CA Certificate

term#./ -newca

This command generates a cacert.pem in /etc/pki/CA directory. This is the certificate authority (CA) file. The cakey.pem file can be found in /etc/pki/CA/private directory.


2. Generate a Server Certificate

term#./ -newreq

This command generates a certificate request (csr). You will get a "newreq.pem" and "newkey.pem" file. The newreq.pem is the new request and the newkey.pem is the key generated for this request. The files newkey.pem and newreq.pem will be found in the /etc/pki/tls/misc directory.


3. Sign the Server Certificate with the Root CA

term#./ -sign

This command signs the new request with the CA. It takes "newreq.pem" and signs it against "cacert.pem", and you will get "newcert.pem". The file newcert.pem will be found in the /etc/pki/tls/misc directory.


4. Concatenate the RSA Private Key and the Signed Server Certificate

term#cat newkey.pem newcert.pem > instantservercert.pem

This command combines the signed cert with the newkey.pem generated in step 2 to produce the server certificate named instantcert.pem. The file instantservercert.pem will be found in the /etc/pki/tls/misc directory.

Aruba Instant has a requirement on this certificate: it should include the signed server certificate and the private RSA key for the certificate and the key should be put at the very beginning of the file.


5. Load the Certificate on Aruba Instant

The instantservercert.pem certificate and the cacert.pem certificate should be loaded to the certificate section in the WebUI of the Aruba Instant AP.

Version history
Revision #:
1 of 1
Last update:
‎07-04-2014 02:31 PM
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.