Mobility Hero Tutorials

How to replace Aruba Default Certificate - Apr 2014

Super Contributor II

Tutorial by: 

 

Why do you need to replace Aruba default certificate?

 

Have you ever tried to replace Aruba default certificate issued by GeoTrust DV SSL CA to securelogin.arubanetworks.com.  You found many reasons to change and read many articles how to do it, but it seemed too many details,  you gave up and forgot about it because things still worked.

 

Let’s try it again, at least, for the benefit shows in figure 1, the problem with security certificate.

 

This article based on Windows 2012 ROOT-CA.  Assuming you have - or you can request - a certificate from your ROOT-CA.  

 

1.png

Figure 1: By replacing default certificate, you can get rid of this annoying security certificate problem.

 

Getting the Certificate

 

Generate CSR at the controller

2.png

 

Figure 2: This step is straight forward.  Make sure the Common Name is the name you are using to access your controller.  In this lab, I use https://172.18.31.246:4343, so the CN is 172.18.31.246.  Although the Key Length minimum is 1024, but the standard is 2048, many Root-CA are no longer support 1024.

 

Request certificate

Click Generate New, and copy the text between -----BEGIN CERTIFICATE REQUEST----- and ----END CERTIFICATE REQUEST----- inclusive.  Save to a text file. 

 

HTTPS to your Root-CA

3.png

 Figure 3: Https to Root-CA, click Request a certificate

 

4.png 

Figure 4: Click submit an "advanced certificate request"

 

5.png

Figure 5: Paste the CSR that you saved to txt file in figure 2 above to Saved Request, change Certificate Template to Web Server, click Submit.

 

6.png 

Figure 6: Keep default DER encoded, click “Download certificate”, and save it.  In my Root-CA, I configured the server to automatic assign certificate, so I can download the certificate right after I submit.  Some root-CA requires you come back later to download after the administrator issue it.

 

7.png

Figure 7: You can view the detail of certificate you just saved to ensure it is the right one

  Install Certificate to Controller

 

8.png

Figure 8: To install certificate to controller, click Management > Certificates > Upload.  Give it a name, find the certificate you downloaded.  Default name is download\certnew.cer

 

9.png

Figure 9: Configure controller to use new certificate for WebUI Management Authentication and Captive Portal.  Click Apply, Save Configuration, and log out.

 

10.png

Figure 10: Log back to controller, no more Problem with Website Security Certificate

 

 

If you found my post helpful, please give kudos!

Thanks

 

Version history
Revision #:
1 of 1
Last update:
‎05-05-2014 12:36 PM
Updated by:
 
Labels (3)
Contributors
Comments

FYI if you want to use a DNS name for your controller (in addition to the IP) you can easily add a additional SAN.

 

This is useful is you're using Via and need additional SANs on the cert plus you don't need to remember the IP!

 

NOTE: I believe you need to include the original common name of the cert as the first entry in the list you specify

 

So for example if my common name was via.domain.co.uk and I wanted to include the IP of the controller along with aruba-master and aruba-master on my local domain I would use:

 

SAN:dns=via.domain.co.uk&dns=aruba-master&dns=aruba-master.domain.local&ipaddress=10.168.254.80

 

 

2014-06-04 09_27_51-PC settings.png

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: