Wireless Access

Reply
Regular Contributor I
Posts: 175
Registered: ‎10-22-2010

Custom captive-portal certificate in master-local topology

Hi Based on this KB https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-1544 we will be implementing custom-captive portal certificate on a master & multi-local setup. Can we generate CSR from the master and get the certificate from the CA. Then upload the obtained certificate on the master and all the local controllers?

Guru Elite
Posts: 8,773
Registered: ‎09-08-2010

Re: Custom captive-portal certificate in master-local topology

You should do the csr from a server so that you can export the private key.

Then sign it, import it to the server, then export it with the private key.

Then import it on the controllers.

Easiest way is to use a Windows box with IIS or a Linux box with openssl.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I
Posts: 175
Registered: ‎10-22-2010

Re: Custom captive-portal certificate in master-local topology

Hi 

 

Thank you for help. as per this KB.

https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-1207

 

I can use the CSR generated from master controller, and get the server certificate from the CA. 

 

then upload and use the same certificate on all controllers, it will work, right? 

Aruba Employee
Posts: 38
Registered: ‎03-20-2013

Re: Custom captive-portal certificate in master-local topology

Hi Yogenpartha,

 

It won't work.

 

You have two options ::

 

  1. Generate CSR on each controller and get them signed. When CSR is generated on controller; the private key doesn't leave the box (for security reasons). Please see here https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-890
  2. Generate CSR outside as mentioned already and get it signed. In this case; we can upload single cert to all controllers as private key isn't locked to the controller where CSR was generated.

Hope this helps.

 

 

Thank you,

Regards,

Vijay Rajasimhan | Principal Network Engineer
Customer Advocacy | Aruba Networks

Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
Regular Contributor I
Posts: 175
Registered: ‎10-22-2010

Re: Custom captive-portal certificate in master-local topology

Hi 

 

Thank you for reply. Can a public CA, generate a CSR by themselves with the details needed for generating the CSR. I dont know how it works.. 

 

so that i can use the same certificate on all the OAW controllers? 

Guru Elite
Posts: 8,773
Registered: ‎09-08-2010

Re: Custom captive-portal certificate in master-local topology

You should generate the CSR on an external server so that you can export the private key. If you have the private key, you can use the cert on all of your controllers.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: