Wireless Access

Reply
New Contributor

Can't find the CSR Creation Option

Hi,

 

Device: Aruba 325

OS Version: 6.4.4.4

 

I'm trying to generate a CSR and I'm following the ArubaOS 6.4.4.x User Guide.  On page 848 it says:

 

"In the WebUI 1. Navigate to the Configuration > Management > Certificates > CSR page."

 

I don't even see a Configuration link.  If I click Maintenance I have a Configuration tab but Management > Certificates is not there.

 

I also tried to follow the CLI instructions without success.

 

What am I missing?

 

Thanks in advance

Guru Elite

Re: Can't find the CSR Creation Option

If you have an IAP (Instant 325), there is no option to create a CSR.  Please see the post here:  https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/ta-p/275814



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Can't find the CSR Creation Option

Thanks for the response Colin.

 

I would like to install a private cert. 

 

"1 – While a self-signed or private certificate can be used for captive portal, it is not recommended as guests will not have the certificate and/or root CA installed and will receive a certificate error."

 

I'm not concered about the captive portal as I'm the only person who will access this. The reason I'm trying to do this is because our vulnerability scanner flagged this. 

 

Vulnerability Description:
The server's TLS/SSL certificate is self-signed. Self-signed certificates cannot be trusted by default, especially because TLS/SSL man-in-the-middle attacks typically use self-signed certificates to eavesdrop on TLS/SSL connections.

 

Vulnerability Solution:
Replace TLS/SSL self-signed certificate

Obtain a new TLS/SSL server certificate that is NOT self-signed and install it on the server. The exact instructions for obtaining a new certificate depend on your organization's requirements. Generally, you will need to generate a certificate request and save the request as a file. This file is then sent to a Certificate Authority (CA) for processing.

 

CVE IDs: N/A

Nexpose Vulnerability IDs: ssl-self-signed-certificate

 

We have an internal CA, I just need to generate the CSR. Without that being an option with Aruba Instant it looks like my only option is to obtain a public cert? Which doesn't really make sense given the scope of this.

 

Are there any versions of firmware where this could work or is it strictly not available in Aruba Instant?

 

Any advice is apprecaited. Thanks

Guru Elite

Re: Can't find the CSR Creation Option

There are ways to generate a server certificate without generating a CSR on most platforms.  Depending on your CA, you might have to search to find out how to do it.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Can't find the CSR Creation Option

Thanks I'll follow up with that team.

Guru Elite

Re: Can't find the CSR Creation Option

Alternatively, you can just follow the instructions here   http://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-Create-a-Certificate-for-Instant-Captive-Portal-using/ta-p/277025 with Open SSL and submit the result of that CSR to your team.  Follow the instructions to create a .pem file and upload to the Instant virtual controller.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Can't find the CSR Creation Option

 

Following the OpenSSL method referenced above I was able to generate a CSR and send it to our internal CA. When I tried to upload it to the instant virtual controller I got an error (see screenshot).cert.png

 

 

 

 

 

 

 

 

 

I I verified the cert being valid with https://www.sslshopper.com/certificate-decoder.html.  Any advice is appreicaed. 

 

Thanks,

Andres

Guru Elite

Re: Can't find the CSR Creation Option

Please try the method here:  http://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-Create-a-Certificate-for-Instant-Captive-Portal-using/ta-p/277025

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: