Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Can't change certificate on master controller

  • 1.  Can't change certificate on master controller

    Posted Sep 27, 2012 06:50 PM

    Uploaded commercial certificates and when trying to switch to them, nothing happens.  So doing it via the console, I'm getting:

     

     #web-server no switch-cert
    Error: server certificate "aruba-master_verisign_bndl" not found

    Can't delete it from the GUI - get "Cert is either not present or referenced by an application".  It is referenced twice. 

     

    Any ideas?

     

    Here's some output..

     

    (Fine-Arts-Master-M3) #show web-server
    
    Web Server Configuration (Invalid: Error: server certificate "aruba-master_verisign_bndl" not found)
    ----------------------------------------------------------------------------------------------------
    Parameter                                      Value
    ---------                                      -----
    Cipher Suite Strength                          high
    SSL/TLS Protocol Config                        sslv3 tlsv1
    Switch Certificate                             aruba-master_verisign_bndl
    Captive Portal Certificate                     aruba-master_verisign_bndl
    Management user's WebUI access method          username/password
    User session timeout <30-3600> (seconds)       900
    Maximum supported concurrent clients <25-400>  25
    
    (Fine-Arts-Master-M3) #show crypto-local pki serverCert
    
    Certificates
    ------------
    Name                    Original Filename               Reference Count  Expired
    --------------          -----------------               ---------------  -------
    aruba-master-Verisign   aruba-master_verisign_bndl.cer  2                No
    aruba-master.xxx.xxx    aruba-master-cert.txt           1                No
    EAP-Termination         EAP-Termination.pem             1                No
    
    

     

     



  • 2.  RE: Can't change certificate on master controller

    EMPLOYEE
    Posted Sep 27, 2012 06:53 PM

    Did you upload them as "server certs"?  As soon as you do that, the controller should switch to it.

     



  • 3.  RE: Can't change certificate on master controller

    Posted Sep 27, 2012 06:55 PM

    Yes.  They were uploaded as Server certs.  The other controllers had no problems.  Just the master for some reason.  I updated the thread to include the output.



  • 4.  RE: Can't change certificate on master controller
    Best Answer

    EMPLOYEE
    Posted Sep 27, 2012 06:57 PM

    Try to upload the server certificate again with a different name... (no special characters)

     

     



  • 5.  RE: Can't change certificate on master controller
    Best Answer

    Posted Oct 02, 2012 09:49 AM

     

    Ok - I was able to upload a copy of the certificate via the GUI using the name that was expected by the config.  Then I was able to switch to the correct certificate and then deleted the temporary one.

     

    Thanks for the suggestion...



  • 6.  RE: Can't change certificate on master controller

    EMPLOYEE
    Posted Oct 02, 2012 09:59 AM

    @su_A_ve wrote:

    I have in fact another server cert (from our internal CA), but the problem is I cannot switch to it.

     

    Also, note that we had no problem installing the cert on the other controllers, using the exact naming convention.  We are opening a case...

     

    Is there a way to upload the file a different way than through the GUI?  I.e. SFTP/FTP/TFTP?  I can't see the file even on the other controllers


    The GUI is the only way, unfortunately.  Let us know the result of the case.

     



  • 7.  RE: Can't change certificate on master controller

    Posted Sep 11, 2014 02:19 PM

    Hi!

     

     

    Found this post when I researched a similar, but not quite the same, problem. At least I don't think so?

     

    I have received an updated SSL certificate as the current is about to expire. Use the WebUI to upload a new "server cert". Uploads fine, but when I attempt to remove the certificate that is about to expire (not yet expired though), I get the aforementioned error message saying that it is referenced by an application.

     

    I have searched through the documentation hoping to find where in my config I have specified the old certificate, so that it can be replaced with the new. Can you please tell me how this is done and/or if I have missed something else?

     

    Thanks!

    Fredrik

     

    Web Server Configuration
    ------------------------
    Parameter                                      Value
    ---------                                      -----
    Cipher Suite Strength                          high
    SSL/TLS Protocol Config                        sslv3 tlsv1
    Switch Certificate                             sto-wac01
    Captive Portal Certificate                     sto-wac01
    Management user's WebUI access method          username/password
    User session timeout <30-3600> (seconds)       900
    Maximum supported concurrent clients <25-320>  25
    Enable WebUI access on HTTPS port (443)        true
    Web Lync Listen Port <1024-65535>              0
    
     
    
    (Aruba3200) #show crypto-local pki serverCert
    
    Certificates
    ------------
    Name            Original Filename   Reference Count  Expired
    --------------  -----------------   ---------------  -------
    sto-wac01       sto-wac01.pfx       2                No
    sto-wac01-2014  sto-wac01_2014.pfx  0                No

     

     



  • 8.  RE: Can't change certificate on master controller

    Posted Sep 14, 2014 02:40 PM

    I found what I was looking for under configuration -> management -> general. I replaced the certificate used by both services, rebooted the controller... Now, I'm unable to access the WebUI but can confirm that the services are using the new certificate (show web-server). Can I expect any logfile to contain errors pertaining to the certificate or where would you start looking?

     

    Cheers,

    Fred
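
Both situations in this thread (post 1's web-server config naming a certificate that is not in the store, and post 7's new certificate sitting at reference count 0) can be spotted by cross-checking `show web-server` against `show crypto-local pki serverCert`. The script below is an added example, not code from the posters or from Aruba; the function names are hypothetical, it assumes the column layout shown in the outputs above, and the file-name hint is an assumption drawn from post 1's output.

```python
import re

# Output excerpts copied from posts 1 and 7 of this thread.
WEB_POST1 = """\
Switch Certificate                             aruba-master_verisign_bndl
Captive Portal Certificate                     aruba-master_verisign_bndl
"""
CERTS_POST1 = """\
Name                    Original Filename               Reference Count  Expired
--------------          -----------------               ---------------  -------
aruba-master-Verisign   aruba-master_verisign_bndl.cer  2                No
aruba-master.xxx.xxx    aruba-master-cert.txt           1                No
EAP-Termination         EAP-Termination.pem             1                No
"""
WEB_POST7 = """\
Switch Certificate                             sto-wac01
Captive Portal Certificate                     sto-wac01
"""
CERTS_POST7 = """\
Name            Original Filename   Reference Count  Expired
--------------  -----------------   ---------------  -------
sto-wac01       sto-wac01.pfx       2                No
sto-wac01-2014  sto-wac01_2014.pfx  0                No
"""

def parse_web_server(text):
    """Map each '... Certificate' parameter of 'show web-server' to its value."""
    rows = re.findall(r"^[ \t]*(\S.*? Certificate)[ \t]{2,}(\S+)[ \t]*$", text, re.M)
    return dict(rows)

def parse_server_certs(text):
    """Map certificate name -> (original filename, reference count, expired)."""
    rows = re.findall(r"^[ \t]*(\S+)[ \t]+(\S+)[ \t]+(\d+)[ \t]+(Yes|No)[ \t]*$", text, re.M)
    return {n: (f, int(c), e == "Yes") for n, f, c, e in rows}

def audit(web_text, cert_text):
    """Return findings: dangling references and uploaded-but-unused certs."""
    web, store = parse_web_server(web_text), parse_server_certs(cert_text)
    findings = []
    for param, name in web.items():
        if name not in store:
            # Assumed hint: config holds a file-name stem instead of a cert name.
            hint = [n for n, (f, _, _) in store.items() if f.rsplit(".", 1)[0] == name]
            findings.append(("dangling", param, name, hint))
    for name, (_, refs, expired) in store.items():
        if refs == 0 and name not in web.values():
            findings.append(("unused", name, expired))
    return findings
```

Calling `audit()` on the two outputs before and after a certificate swap gives an empty list when every web-server reference resolves and no uploaded certificate is idle.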