Wireless Access

Reply
Occasional Contributor II

Captive Portal controller just SHA 2

Hi.

 

I have configured my captive portal on controller Aruba 3400 firmware 6.3.1.16, will validate user by freeradius server.

 

My client wants use only SHA 2, is it possible? Could be:

 

Configuration--> Management--> Certificates--> CSR--> Key length = 256 ?

 

Today Key Length =1024.

 

It is correct? Or not have way to do this?

 

Thks

Paulo Mauricio

Re: Captive Portal controller just SHA 2

SHA2 can use 4 kinds of hash functions: SHA224, SHA256, SHA384 and SHA512.

Pick any of those for an SHA2 cert.
Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Occasional Contributor II

Re: Captive Portal controller just SHA 2

Thanks James for your response.

Today my users go to securelogin.arubanetworks.com page and the certificate GeoTrust DV SSL CA SHA1. 

For SHA2 I have to go in configuration-->certificates-->upload a certificate?

 

Regards,

 

Paulo Maurício

 

Re: Captive Portal controller just SHA 2

In the WebUI

1.    Navigate to the Configuration >Management >Certificates > CSR page.

2.    Click Generate New.

3.    Enter the following information:

 

Table 106 CSR Parameters (Continued)

Parameter

Description

Range

key

Length of private/public key.

1024/2048/4096

common_name

Typically, this is the host and domain name, as in aruba-master.yourcompany.com.

country

Two-letter ISO country code for the country in which your organization is located.

 

state_or_province

State, province, region, or territory in which your organization is located.

 

city

City in which your organization is located.

 

organization

Name of your organization.

 

unit

Optional field to distinguish a department or other unit within your organization.

 

email

Email address referenced in the CSR.

Then create a certificate from the CSR on your chosen Certificate Authority (Public or Internal depending on the deployment).

 

Then once you have the cert, upload it as you mentioned.

 

.. and don't forget to assign the cert to a use: Configuration -> Management -> General

 

 

 

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite

Re: Captive Portal controller just SHA 2

It is recommended to do the CSR / key generation on an external server so you can backup the private key.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Captive Portal controller just SHA 2

James thanks again.

 

Today the configuration-->management-->general is default. After upload new cert I will have 2 options (default and new cert), correct? When change and aply, my APs wull reboot?

 

Regards,

 

Paulo Mauricio

Re: Captive Portal controller just SHA 2

You're correct about changing the cert but your APs will not reboot.

When you change the cert the web server process will restart and you'll be logged out on the web console.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Occasional Contributor II

Re: Captive Portal controller just SHA 2

Ok James.

 

When I do it I post here.

 

Thks again.

 

Regards,

 

Paulo Mauricio

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: