Wireless Access

Reply
Contributor I

Can't change certificate on master controller

Uploaded commercial certificates and when trying to switch to them, nothing happens.  So doing it via the console, I'm getting:

 

 #web-server no switch-cert
Error: server certificate "aruba-master_verisign_bndl" not found

Can't delete it from the GUI - get "Cert is either not present or referenced by an application".  It is referenced twice. 

 

Any ideas?

 

Here's some output..

 

(Fine-Arts-Master-M3) #show web-server

Web Server Configuration (Invalid: Error: server certificate "aruba-master_verisign_bndl" not found)
----------------------------------------------------------------------------------------------------
Parameter                                      Value
---------                                      -----
Cipher Suite Strength                          high
SSL/TLS Protocol Config                        sslv3 tlsv1
Switch Certificate                             aruba-master_verisign_bndl
Captive Portal Certificate                     aruba-master_verisign_bndl
Management user's WebUI access method          username/password
User session timeout <30-3600> (seconds)       900
Maximum supported concurrent clients <25-400>  25

(Fine-Arts-Master-M3) #show crypto-local pki serverCert

Certificates
------------
Name                    Original Filename               Reference Count  Expired
--------------          -----------------               ---------------  -------
aruba-master-Verisign   aruba-master_verisign_bndl.cer  2                No
aruba-master.xxx.xxx    aruba-master-cert.txt           1                No
EAP-Termination         EAP-Termination.pem             1                No

 

 

°(((=((===°°°(((================================================
Guru Elite

Re: Can't change certificate on master controller

Did you upload them as "server certs"?  As soon as you do that, the controller should switch to it.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I

Re: Can't change certificate on master controller

Yes.  They were uploaded as Server certs.  The other controllers had no problems.  Just the master for some reason.  I updated the thread to include the output.

°(((=((===°°°(((================================================
Guru Elite

Re: Can't change certificate on master controller

Try to upload the server certificate again with a different name... (no special characters)

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I

Re: Can't change certificate on master controller

 

Ok - I was able to upload a copy of the certificate via the GUI using the name that was expected by the config.  Then I was able to switch to the correct certificate and then deleted the temporary one.

 

Thanks for the suggestion...

°(((=((===°°°(((================================================
Guru Elite

Re: Can't change certificate on master controller


su_A_ve wrote:

I have in fact another server cert (from our internal CA), but the problem is I cannot switch to it.

 

Also, note that we had no problem installing the cert on the other controllers, using the exact naming convention.  We are opening a case...

 

Is there a way to upload the file a different way than thru the GUI?  Ie SFTP/FTP/TFTP ?  I can't see the file even on the other controllers


The GUI is the only way, unfortunately.  Let us know the result of the case.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I

Re: Can't change certificate on master controller

Hi!

 

 

Found this post when I researched a similar, but not quite the same, problem. At least I don't think so?

 

I have received an updated SSL certificate as the current is about to expire. Use the WebUI to upload a new "server cert". Uploads fine, but when I attempt to remove the certificate that  is abotu to expire (not yet expired though). I get the aforementioned error message saying that it is referenced by an application.

 

I have search through the documentation hoping to find where in my config I have specified the old certificate, so that it can be replaced with the new. Can you please tell me how this is done and/or if I have missed something else?

 

Thanks!

Fredrik

 

Web Server Configuration
------------------------
Parameter                                      Value
---------                                      -----
Cipher Suite Strength                          high
SSL/TLS Protocol Config                        sslv3 tlsv1
Switch Certificate                             sto-wac01
Captive Portal Certificate                     sto-wac01
Management user's WebUI access method          username/password
User session timeout <30-3600> (seconds)       900
Maximum supported concurrent clients <25-320>  25
Enable WebUI access on HTTPS port (443)        true
Web Lync Listen Port <1024-65535>              0

 

(Aruba3200) #show crypto-local pki serverCert

Certificates
------------
Name            Original Filename   Reference Count  Expired
--------------  -----------------   ---------------  -------
sto-wac01       sto-wac01.pfx       2                No
sto-wac01-2014  sto-wac01_2014.pfx  0                No

 

 

Contributor I

Re: Can't change certificate on master controller

I found what I was looking for under configuration -> management -> general. I replaced certificate used by both services, rebooted the controller... Now, I'm unable to access the WebUI but can confirm that the services are using the new certificate (show web-server). Can I expect any logfile to contain errors pertaining to the certificate or where would you start looking?

 

Cheers,

Fred

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: