05-18-2015 05:47 PM
When changing IP address on AirWave (AMP) do you also need to generate a new self signed SSL certificate?
If yes, how do you generate a new self signed SSL certificate?
Solved! Go to Solution.
05-20-2015 09:24 AM - edited 05-21-2015 10:27 AM
You've got a few options depending on how the initial setup was done.
1) When you originally set up your AMP, did you apply a hostname? If so, then your SSL cert should be generated based on the hostname and not IP. No action required.
2) If you're not sure about #1, you can run the attached script: SAMPLE USAGE: -upload into /var/airwave/custom # custom # chmod 777 GenerateAMPCert.patch # ./GenerateAMPCert.patch (Begin Example Output) STEP 1: Generating AMP's SSL certificate Does AMP have a valid DNS name on your network (y/n)? y Enter AMP's fully qualified domain name: rob.makes.certs Generating SSL certificate for rob.makes.certs starting... CONGRATULATIONS! Generated new cert. (End Example Output)
2) removing the attached script, there's a built in way that's actually easier. You can simply re-run the installation script, just decline for reinstall -> this will run through network wizard, hostname, cert, and root pw.
[root@batman mercury]# cd /root
[root@batman ~]# ./amp-install
Welcome to AMP Installer Phase 2
STEP 1: Configuring Date and Time
------------------------ Date and Time Configuration ---------------------
Current Time: Thu May 21 17:19:50 PDT 2015
1) Change Date and Time
2) Change Time Zone
Date and Time Configuration finished.
STEP 2: Checking for previous AMP installation
The installation program has discovered a previous version of the software.
Would you like to reinstall AMP? This will erase the AMP's database.
Reinstall? (y/n): n
Skipping STEP 3.
STEP 4: Checking AMP installation
Database is up.
AMP is running version: 188.8.131.52
STEP 5: Assigning AMP's address
AMP must be configured with a static IP.
------------------ Primary Network Interface Configuration ---------------
1) IP Address :
2) Netmask :
3) Gateway :
4) Primary DNS :
5) Secondary DNS:
9) Commit Changes
0) Exit (discard changes)
Configuration Successful. Exiting.
If you want to configure a second network interface, please
use AMP's web interface, AMP Setup --> Network Tab
STEP 6: Naming AMP
AMP name is currently set to: batman
Please enter a name for your AMP: batman
AMP name has been set.
STEP 7: Generating AMP's SSL certificate
Does AMP have a valid DNS name on your network (y/n)? y
Enter AMP's fully qualified domain name: batman.nananana.com
Generating SSL certificate for batman.nananana.com
STEP 8: Changing default root password.
It is strongly recommended that you change the default 'root' password.
Please use a password that you consider to be safe, secure, and memorable.
Changing password for user root.
New password: ********
Retype new password: ********
passwd: all authentication tokens updated successfully.
CONGRATULATIONS! AMP is configured properly.
To access AMP web console, browse to https://xxx.xxx.xxx.xxx
Login with the following credentials:
3) If you want to upload your own SSL cert, you can follow: https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/How-to-install-your-own-certificate-on-AMP-versions-7-2-4-and-greater mentioned in this other thread: http://community.arubanetworks.com/t5/AirWave-and-Network-Management/How-to-install-certificate/td-p/7076
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company