Controllerless Networks

Reply
New Contributor

Deploy ACME certificates to HP Aruba IAP

Greetings,

I recently purchased a pair of IAP-215's and wanted to automatically deploy ACME (Let's Encrypt) certificates for the user-interface and captive-portal.

Below, I'm sharing my solution, hopefully it may help others.
------
I quickly learned that Aruba CLI commands can't be issued over a SSH session via stdin remotely, so some interactive scripting tool like 'expect' or 'empty' is needed, I used 'empty'.

I use the shell based ACME client acme.sh.

Requirements:

- Linux system with 'empty' command and SSH client access to Aruba IAP

- TFTP server on same system, reachable by Aruba IAP

- acme.sh client and openssl

Tested with Aruba Instant Version 6.5.4.3

The core of the solution is this script I created:
https://gist.github.com/abelbeck/09078d360b361ceeacf08ccaa136e166

The passed arguments are the same as acme.sh uses for deploy scripts:
Arguments: acme-deploy-custom.script domain key_file cert_file ca_file fullchain_file

BTW, In our open source project, we include a "custom" deploy script for acme.sh:
https://github.com/astlinux-project/astlinux/commit/6804ed975ce35f500f99159e295c3d8944ebf5d7

Or you could include the acme-deploy-custom.script in acme.sh as deploy/aruba-iap.sh or such.

Hope this helps someone.

Lonnie

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: