
How to load a captive portal certificate to an Aruba Controller through AirWave

Aruba Employee
Requirement:

AMP version 8.0 and above

Aruba Controller, latest version


Solution:

Aruba Controllers support uploading a customized captive portal server certificate. The captive portal server certificate verifies the internal captive portal server’s identity to the client.

The AirWave Management Platform (AMP) server can be used to manage Aruba Controller certificates such as the web server certificate and the captive portal server certificate.

The AMP performs basic certificate verification (such as certificate type, format, version, serial number and so on) before accepting the certificate and uploading it to an Aruba Controller. The AMP packages the text of the certificate into an HTTPS message and sends it to the Aruba Controller. After the controller receives this message, it extracts the certificate content from the message and saves it.

 



Configuration:

 

Loading a certificate in Airwave:

  1. From the Device Setup >> Certificates page, click ‘Add’ to upload a new certificate.
  2. On the certificate upload page, enter the certificate name and choose the certificate file.
  3. Enter the passphrase, if any.
  4. Select the format that matches the certificate file.
  5. Select the certificate type ‘Server Cert’.


Selecting the certificate for Controller:

Note: The user **MUST** resolve configuration audit mismatches for the controller before performing the steps below, to avoid an unexpected configuration push to the controller. Contact Aruba Support if you need help resolving a mismatch for the controller.

      1. Navigate to the AMP APs/Devices >> Manage page for the specific controller.

      2. In the Aruba overrides section, select ‘Add’ for the certificate that needs to be pushed to the controller.

      3. Update the Web SSH Management Profile default with the new captive portal certificate.

      4. Update the Management mode to ‘Manage Read/Write’.

      5. Click Save and Apply to push the certificate/config to the controller.



Verification

Using AMP Server:

In the /var/log/system/ap/<ap id>/telnet_cmds file, verify the AMP's progress in pushing the configuration to the Aruba controller.


Using Controller:

The Aruba controller commands “show audit-trail” and “show web-server profile” confirm the certificate push and the captive portal certificate in use.


```
#show audit-trail

Sep  9 18:04:53  webui[1710]: USER:admin@10.162.104.42 COMMAND:<crypto pki-import pkcs12 ServerCert "Controller_CP_cert" "controller1.nslab.com.p12"  ******  > -- command executed successfully
Sep  9 18:04:53  webui[1710]: USER:admin@10.162.104.42 COMMAND:<crypto-local pki ServerCert "Controller_CP_cert" "controller1.nslab.com.p12" > -- command executed successfully
Sep  9 18:05:06  fpcli: USER:admin@10.162.104.42 COMMAND:<web-server profile captive-portal-cert "Controller_CP_cert" > -- command executed successfully
```

```
#show web-server profile

Web Server Configuration
------------------------
Parameter                                      Value
---------                                      -----
Cipher Suite Strength                          high
SSL/TLS Protocol Config                        tlsv1 tlsv1.1 tlsv1.2
Switch Certificate                             default
Captive Portal Certificate                     Controller_CP_cert
IDP Certificate                                default
Management user's WebUI access method          username/password
User session timeout <30-3600> (seconds)       900
Maximum supported concurrent clients <25-320>  25
Enable WebUI access on HTTPS port (443)        false
Web Lync Listen Protocol/Port Config           N/A
Enable bypass captive portal landing page      false
Exclude Security Headers from HTTP Response    false
```
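A scripted version of the controller-side verification, as an added example that is not part of the original article: it parses the “show audit-trail” and “show web-server profile” output shown above (embedded as sample input, profile trimmed), confirms that the import, registration and binding commands for the certificate succeeded, and also flags TLS 1.0/1.1 in the profile, which RFC 8996 deprecates. The function names and the TLS check are assumptions of this example.

```python
import re

# Sample input copied from the controller output on this page (profile trimmed).
AUDIT_TRAIL = """\
Sep  9 18:04:53  webui[1710]: USER:admin@10.162.104.42 COMMAND:<crypto pki-import pkcs12 ServerCert "Controller_CP_cert" "controller1.nslab.com.p12"  ******  > -- command executed successfully
Sep  9 18:04:53  webui[1710]: USER:admin@10.162.104.42 COMMAND:<crypto-local pki ServerCert "Controller_CP_cert" "controller1.nslab.com.p12" > -- command executed successfully
Sep  9 18:05:06  fpcli: USER:admin@10.162.104.42 COMMAND:<web-server profile captive-portal-cert "Controller_CP_cert" > -- command executed successfully
"""
WEB_PROFILE = """\
SSL/TLS Protocol Config                        tlsv1 tlsv1.1 tlsv1.2
Switch Certificate                             default
Captive Portal Certificate                     Controller_CP_cert
"""

AUDIT_RE = re.compile(r"USER:(\S+)\s+COMMAND:<(.*)>\s+--\s+(.*)$")

def parse_audit(text):
    """Return (user, command, result) for every audit-trail line."""
    hits = (AUDIT_RE.search(line) for line in text.splitlines())
    return [(m[1], m[2].strip(), m[3].strip()) for m in hits if m]

def parse_profile(text):
    """Map parameter -> value from the two-column profile table."""
    rows = {}
    for line in text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())
        if len(cols) == 2 and cols[0].strip("-"):  # skip titles and rulers
            rows[cols[0]] = cols[1]
    return rows

def verify_push(audit_text, profile_text, cert):
    """Return a list of problems; an empty list means the push checks out."""
    problems = []
    ok = [c for _, c, r in parse_audit(audit_text) if r == "command executed successfully"]
    steps = {
        "import": rf'crypto pki-import \S+ ServerCert "{re.escape(cert)}"',
        "register": rf'crypto-local pki ServerCert "{re.escape(cert)}"',
        "bind": rf'web-server profile captive-portal-cert "{re.escape(cert)}"',
    }
    for name, pattern in steps.items():
        if not any(re.match(pattern, c) for c in ok):
            problems.append(f"no successful {name} command for {cert}")
    profile = parse_profile(profile_text)
    if profile.get("Captive Portal Certificate") != cert:
        problems.append("profile does not reference " + cert)
    legacy = {"tlsv1", "tlsv1.1"} & set(profile.get("SSL/TLS Protocol Config", "").split())
    if legacy:
        problems.append("legacy TLS enabled: " + " ".join(sorted(legacy)))
    return problems
```

Run against the output above, the certificate push verifies cleanly and the only finding is the TLS 1.0/1.1 setting in the web-server profile.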

 

 

Version history
Revision #: 2 of 2
Last update: 09-13-2016 09:49 AM