Wireless Access

Reply
Occasional Contributor I
Posts: 6
Registered: ‎01-01-2017

Certificate Signing Request with ECDSA P-384 and SHA-384

Is it possible to create a Certificate Signing Request for ECDSA P-384 and SHA-384 with the Aruba Mobility Controller 72xx series?

 

It appears to be limited to SHA-256 as a maximum.

Guru Elite
Posts: 20,759
Registered: ‎03-29-2007

Re: Certificate Signing Request with ECDSA P-384 and SHA-384

[ Edited ]

Do you mean this?

 

ec.png

 

http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Management_Utilities/Managing_Certificates.htm?Highlight=csr



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎01-01-2017

Re: Certificate Signing Request with ECDSA P-384 and SHA-384

[ Edited ]

Thank you for the reply but from my understanding, that may be SHA2 but not at 384. If you generate a CSR with that, I think you will find it is SHA-256. I could be wrong, it may be I'm running an older version of code or have a licensing issue. I'm new to Aruba.

Judging by the Open SSL documentation, it should list ecdsa-with-SHA384.I think Aruba uses Open SSL due to the similarity in the command line.

Here is a link that discusses the Open SSL capability.

http://stackoverflow.com/questions/16818014/generate-csr-with-secp384r1elliptic-curve-key-and-sha384-hash-signature

Being new to Aruba, I don't know of any way to get this rone.

Guru Elite
Posts: 8,320
Registered: ‎09-08-2010

Re: Certificate Signing Request with ECDSA P-384 and SHA-384

In most cases, it's recommended to do the CSR on an external server so you can back up the private key and/or use the certificate on your other controllers.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 20,759
Registered: ‎03-29-2007

Re: Certificate Signing Request with ECDSA P-384 and SHA-384

Agreed,

 

Just generate your own CSR offline.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎01-01-2017

Re: Certificate Signing Request with ECDSA P-384 and SHA-384

Thanks, got it.

 

On a different device:

Create keys as exportable

Create CSR

Apply for certificate using CSR

Import keys on controller

Import certificate on controller

 

Show some care when doing this, certificates are tied to DNS.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: