Wireless Access

Reply
New Contributor
Posts: 2
Registered: ‎05-31-2012

AMP how do you generate new self signed SSL certificate?

When changing IP address on AirWave (AMP) do you also need to generate a new self signed SSL certificate?

If yes, how do you generate a new self signed SSL certificate?

Moderator
Posts: 1,270
Registered: ‎10-16-2008

Re: AMP how do you generate new self signed SSL certificate?

[ Edited ]

You've got a few options depending on how the initial setup was done.

 

1) When you originally set up your AMP, did you apply a hostname?  If so, then your SSL cert should be generated based on the hostname and not IP.  No action required.

 

2) If you're not sure about #1, you can run the attached script:

SAMPLE USAGE:

-upload into /var/airwave/custom

# custom

# chmod 777 GenerateAMPCert.patch

# ./GenerateAMPCert.patch

(Begin Example Output)

STEP 1: Generating AMP's SSL certificate

Does AMP have a valid DNS name on your network (y/n)? y
Enter AMP's fully qualified domain name: rob.makes.certs
Generating SSL certificate for rob.makes.certs
starting...


CONGRATULATIONS! Generated new cert.

(End Example Output)

2) removing the attached script, there's a built in way that's actually easier.  You can simply re-run the installation script, just decline for reinstall -> this will run through network wizard, hostname, cert, and root pw.

[root@batman mercury]# cd /root

[root@batman ~]# ./amp-install

Welcome to AMP Installer Phase 2

STEP 1: Configuring Date and Time

------------------------ Date and Time Configuration ---------------------


Current Time: Thu May 21 17:19:50 PDT 2015


1) Change Date and Time
2) Change Time Zone

0) Finish

> 0
Date and Time Configuration finished.

STEP 2: Checking for previous AMP installation
The installation program has discovered a previous version of the software.
Would you like to reinstall AMP? This will erase the AMP's database.
Reinstall? (y/n): n
Skipping STEP 3.

STEP 4: Checking AMP installation
Database is up.
AMP is running version: 8.0.8.1

STEP 5: Assigning AMP's address
AMP must be configured with a static IP.

------------------ Primary Network Interface Configuration ---------------

1) IP Address : 
2) Netmask : 
3) Gateway : 
4) Primary DNS : 
5) Secondary DNS: 

9) Commit Changes
0) Exit (discard changes)

> 9
Configuration Successful. Exiting.

If you want to configure a second network interface, please
use AMP's web interface, AMP Setup --> Network Tab

STEP 6: Naming AMP
AMP name is currently set to: batman
Please enter a name for your AMP: batman
AMP name has been set.

STEP 7: Generating AMP's SSL certificate
Does AMP have a valid DNS name on your network (y/n)? y
Enter AMP's fully qualified domain name: batman.nananana.com
Generating SSL certificate for batman.nananana.com
starting...


STEP 8: Changing default root password.
It is strongly recommended that you change the default 'root' password.
Please use a password that you consider to be safe, secure, and memorable.

Changing password for user root.
New password: ********
Retype new password: ********
passwd: all authentication tokens updated successfully.

CONGRATULATIONS! AMP is configured properly.
To access AMP web console, browse to https://xxx.xxx.xxx.xxx
Login with the following credentials:
Username: admin
Password: admin

 

 

3) If you want to upload your own SSL cert, you can follow: https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/How-to-install-your-own-certificate-on-AMP-versions-7-2-4-and-greater mentioned in this other thread: http://community.arubanetworks.com/t5/AirWave-and-Network-Management/How-to-install-certificate/td-p/7076


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Search Airheads
Showing results for 
Search instead for 
Did you mean: