OK, TAC case has been opened

We had GotoMeeting session with Aruba support. Problem was that I had installed my custom cert only for Pound revese proxy service and not for Apache. It seems that VisualRF runs on separate process which takes certs from different location than Pound. 

Offical installation instructions are here: https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/How-to-install-your-own-certificate-on-AMP-versions-7-2-4-and-greater

Short simplified version would be, assuming that you import private key and certificate from elsewhere:

- Create dir /var/airwave/custom/ssl-certs/

- Import your private key and certificate as separate files into that dir, name them newcert.crt (certificate) and newcert_private.key (private key)

- Follow KB instructions from step 2

2. Concatenate your certificate and private key into one file, to be used by pound. Add a new line to the end of the certificate to ensure that the two files don't get jumbled together during the concatenation. 

# echo -e "\n" >> /var/airwave/custom/ssl-certs/newcert.crt 
# cat /var/airwave/custom/ssl-certs/newcert.crt /var/airwave/custom/ssl-certs/newcert_private.key > /var/airwave/custom/ssl-certs/pound.crt 

3. Modify the symbolic (soft) links in the default directories to point to your new certificate and private key files: 

# ln -sf /var/airwave/custom/ssl-certs/newcert.crt /etc/httpd/conf/ssl.crt/server.crt 
# ln -sf /var/airwave/custom/ssl-certs/newcert_private.key /etc/httpd/conf/ssl.key/server.key 
# ln -sf /var/airwave/custom/ssl-certs/pound.crt /etc/httpd/conf/ssl.pem 


4. Restart the Apache and pound web servers: 

# ra 
# service pound restart