Network Management

last person joined: 23 hours ago 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

8.2.4 - SSL Certificate

This thread has been viewed 18 times

  • 1.  8.2.4 - SSL Certificate

    Posted Jun 19, 2017 01:04 PM

    With the removal of the Airwave CLI in 8.2.4 I am having difficulty understanding how to generate a CSR and install a new SSL Certificate for my Airwave server. I see a location to "Add a new certificate" but the options are blank and I can only select "C" for cancel....

     

    Any insight on this?



  • 2.  RE: 8.2.4 - SSL Certificate

    EMPLOYEE
    Posted Jun 19, 2017 02:07 PM

    Hi Vincent,

     

    For now we have to contact support for getting the CSR created and downloaded as it needs to be a root user. There is a request for it already to have this option.

     

    Note: (The file must be in PKCS12 format with ".pfx" or ".p12" filename extension and should contain both the private key and the certificate.)

     

     



  • 3.  RE: 8.2.4 - SSL Certificate

    EMPLOYEE
    Posted Jun 22, 2017 05:22 PM

    For tracking purposes:

    Generate SSL Certs = US14594

    Generate SSL Certs w/ CSR = US16631

     

    Since both feature stories are very similar, it's possible they may be implemented in the same user story.  Target is 8.2.5 for these.



  • 4.  RE: 8.2.4 - SSL Certificate

    Posted Aug 31, 2017 02:04 AM

    1. How about AMP 8.2.4.1, I can see in docs there is a contextual menu (no cli) 9-3 Add SSL Certificate. How exactly does it work? I can paste certificate or choose among previously uploaded files?

     

    2. Is there a way to generate CSR from Airwave?

     

    3. How to upload and in what format (.pfx, .p12) certificate to AMP? There is menu option 1 Upload File but should it be used prior to 9-3 Adding certificates? Where (folder) will it upload on AMP? Can I upload file to AMP having only SCP client installed on laptop (scp transfer initiated from laptop) or do I have to use SCP server (scp transfer initiated from AMP)?

    For exmaple: pscp mycert.p12 ampadmin@amp.local:<should I specify target location?>



  • 5.  RE: 8.2.4 - SSL Certificate
    Best Answer

    EMPLOYEE
    Posted Aug 31, 2017 12:59 PM

    responses inline:

     

    @mzachar wrote:

    1. How about AMP 8.2.4.1, I can see in docs there is a contextual menu (no cli) 9-3 Add SSL Certificate. How exactly does it work? I can paste certificate or choose among previously uploaded files?

     

    --First you use the upload option to create SCP connection from AMP to an SCP server to pull the file into AMP (on a Windows client, I've been using Bitvise SSHd.  on a Mac client - you may have to update the ciphers on the macbook in order to connect to transfer).  There is a user story to allow paste in certs: US17062.  Once uploaded, then you'd go to SSL cert menu to select the cert.

     

    2. Is there a way to generate CSR from Airwave?

     

    --Not yet, this is US16631.

     

    3. How to upload and in what format (.pfx, .p12) certificate to AMP? There is menu option 1 Upload File but should it be used prior to 9-3 Adding certificates? Where (folder) will it upload on AMP? Can I upload file to AMP having only SCP client installed on laptop (scp transfer initiated from laptop) or do I have to use SCP server (scp transfer initiated from AMP)?

    For exmaple: pscp mycert.p12 ampadmin@amp.local:<should I specify target location?>

     

    --Format should be pkcs12.  It states this when you are in the menu:

    AirWave Management Platform 8.2.4.1 on test
    1 Upload File
    2 Download File
    3 Delete File
    4 Backup
    5 Restore
    6 Support
    7 Upgrade
    8 Advanced
    9 Security
    10 Custom Commands
    q >> Quit
    Your choice: 9
    Security
    1 Reset Web admin Password
    2 Change OS User Password
    3 Add SSL Certificate
    4 Add DTLS Certificates
    5 Disable FIPS (requires reboot)
    6 Show EngineID
    7 Module Key
    8 Apply STIGs
    b >> Back
    Your choice: 3

    Running Add SSL Certificate
    Choose the certificate file.
    (The file must be in PKCS12 format with ".pfx" or ".p12" filename extension and should contain both the private key and the certificate.)
    c >> Cancel
    Your choice:

     

     



  • 6.  RE: 8.2.4 - SSL Certificate

    Posted Jun 26, 2018 05:19 PM

    I cheated a little. I used Windows IIS to create a CSR and submit to my CA then completed the request.

     

    Once I confirmed that the key was valid, I exported it as a PFX file and was able to import it into AirWave as a server certificate.

     

    But, now I am stuck. Not really sure how I can get AirWave to use the new certificate instead of the default certificate.



  • 7.  RE: 8.2.4 - SSL Certificate

    EMPLOYEE
    Posted Jun 26, 2018 05:38 PM

    Performing the operation from the Security menu to install it activates the server cert.  The web server processes should restart after the cert install, and the result should be an AMP server using the installed cert.  If your browser is still seeing the old cert, double check that you flushed the cert from your local browser to ensure you're not seeing a cached cert.  If this is still not the case, please open a support case to debug the behavior.



  • 8.  RE: 8.2.4 - SSL Certificate

    Posted Jul 17, 2018 12:00 AM

    Looks like the upload file option puts the file in the /var/ampcli/user/ folder.

     

    If you scp the pfx to the folder you should be able to then use the menu to add the certificate.