Wireless Access

Reply
Occasional Contributor II
Posts: 14
Registered: ‎04-14-2009

Move certificates to another controller

Hi,

 

after an RMA i need to transport the controller certs to a newly configured controller.

 

What i like to do is:

 

- get flashbackup from running controller

- unpack it

- copy certs, csr, and private key to the appropriate places in the certmgr folder

- repack it to flashbackup.tar.gz

- copy back to controller

- restore flash

- reboot

 

I tried this, but i still have the old CSR as if nothing had been restored. Maybe modifying the flashbackup.tar.gz is not possible?

 

Has anyone experience with this?

 

Best regards,

Andreas

Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Move certificates to another controller

Is the flashbackup.tar.gz from the old controller that you sent back?

 

If so, you are making this much harder than it needs to be. You can just restore the flashbackup.tar.gz to the new controller. I did this a couple weeks ago. Certs showed up without an issue. No need to do anything else.

 

Zach

Thanks,

Zach Jennings
Occasional Contributor II
Posts: 14
Registered: ‎04-14-2009

Re: Move certificates to another controller

Hi,

 

yes, i also think i am making this much harder. ;-)

 

Situation is like this: i configured a controller including generation of certs. then it went down due to hardware damage and got rma'd. meanwhile we configured a replacement controller and did a lot of changes to the config. so, i thought i could just take the backup of the broken controller, take out the certs including private key and CSR and reinject it to the new config.

 

but that did not work. i suppose the repackaging of the tar.gz went wrong. but i think the question is of general interest since i wonder now if it is possible to take a flashbackup.tar.gz, change it, and repackage it.

 

wondering,

andreas

Guru Elite
Posts: 20,768
Registered: ‎03-29-2007

Re: Move certificates to another controller

[ Edited ]

Well, if you move the flashbackup.tar.gz from one controller to another, the procedure should  be:

 

(1)  Make sure the new controller is the same platform as the old (3000 series to 3000 series, etc).  Make sure it is also the same version of code as the old if possible.

(2) copy the flashbackup.tar.gz  fileoff the first controller and to the new controller

(3) restore the backup to the new controller and paste in the new controller's licenses before you reboot (DO NOT type "write mem")

(4) Reboot the Controller, once again, without typing write mem

(5) The New controller should be just like the old.

 

Each step is crucial.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 14
Registered: ‎04-14-2009

Re: Move certificates to another controller

Hi,

 

yes, that is the procedure on how to move the flashbackup to another controller. What i am trying to do is:

 

(1) Take the flashbackup from my new and configured controller.

(2) Replace just the controller CSR file inside that controller with the CSR from the backup of the old one.

(3) Copy that flashbackup back to my controller and have the CSR

 

What is different here, is that i have to unpack and repack the tar.gz file. And i have the feeling that this is the step that does not work, so that i again have the CSR on the controller which i hoped to replace.

 

Regards,

Andreas

 

Guru Elite
Posts: 20,768
Registered: ‎03-29-2007

Re: Move certificates to another controller

You are right.  That does not work; unpacking and then repacking.  If you just do a full replacement, you can start from there.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: