Network Management

Reply
Contributor I

New Cert on Airwave

Hello,

 

The server  name was recently changed on our Airwave server. The self signed CERT now shows the previous name of the server in the CERT, thus we get an error when connecting to the Airwave server. I assume that a new self signed cert would have to be created so we won't get this error anymore. What is the process to create a new CERT on the Airwave server?

 

Thanks,

 

TJG

Aruba Employee

Re: New Cert on Airwave

Hi TJG,

 

Try the below commands to generate the new cert. Replace <hostname> with fully qualified domain name or ip address.

 

Steps:

  1. sed s/"localhost.localdomain"/"<hostname>"/ /root/svn/mercury/lib/conf/openssl.cnf > /tmp/openssl.cnf
  2. /usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 1827 -out /etc/httpd/conf/ssl.crt/server.crt -config /tmp/openssl.cnf 2> /dev/null
  3. cat /etc/httpd/conf/ssl.crt/server.crt > /etc/httpd/conf/ssl.pem
  4. echo '' >> /etc/httpd/conf/ssl.pem
  5. cat /etc/httpd/conf/ssl.key/server.key >> /etc/httpd/conf/ssl.pem
  6. chmod 0600 /etc/httpd/conf/ssl.pem
  7. chown root.root /etc/httpd/conf/ssl.pem
  8. make deploy_httpd_conf >> /tmp/amp-install.log 2>&1
  9. service httpd restart > /dev/null
  10. service pound restart > /dev/null

 

Regards,

Kiran

Contributor I

Re: New Cert on Airwave

Kiran,

 

Thanks for the quick reply. I ran the commands you provided but still have a problem. In the command "sed s/"localhost.localdomain"/"<hostname>"/ /root/svn/mercury/lib/conf/openssl.cnf > /tmp/openssl.cnf"" ,what should I put in for the localhost.localdomain?

 

I tried putting in the server name and domain but in the Certificate Information in the browser, the issued to and issued by both show localhost.localdomain regardless of what I put in. in the command above. What am I missing here?

 

Thanks,

 

TJG

Contributor I

Re: New Cert on Airwave

Kiran,

 

Thanks for the help. I am all set now.

 

TJG

New Contributor

Re: New Cert on Airwave

what was the fix? Any instructions on how to generate a CSR to have it signed by a CA?

 

Thanks

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: