Wireless Access

Reply
Occasional Contributor I
Posts: 9
Registered: ‎04-18-2011

import server, CA certificate

Hi,

 

To import a server- and the trusted CA certificate on the controller. Do we import the 2 seperate or do we made a chained certificate with the server- and CA certficate and import the chained certificate into the controller as a server certificate?

 

regards

 

Aruba
Posts: 1,643
Registered: ‎04-13-2009

Re: import server, CA certificate

You should be able to do either method.    I usually add them separately, but if there is an intermediate issuing CA, you may need to chain that before importing.    See Aruba KB https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-772 for more information.   

 

Other commentary on this here in the community:

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor I
Posts: 9
Registered: ‎04-18-2011

Re: import server, CA certificate

HI,

 

In my case, I have only a ROOT CA.

So I import the ROOT CA as a trusted CA into the controller.

Then I import my certificate (that I generate on my ROOT CA) as a server certificate.

under management, I change the webgui certificate to my server certificate.

 

Then I logon to the controller. I have no warning message. But next to the url in the explorer, I do see still a certificate error.

 

This website’s address does not match the address in the security certificate

This error means that a website is using a certificate that was issued to a different web address. This error can occur if a company owns several websites and uses the same certificate for multiple websites.

Aruba
Posts: 1,643
Registered: ‎04-13-2009

Re: import server, CA certificate

What common name is on the certificate (CN).   It can be seen in the Issued To: field.   Is it the same FQDN name you are typing in the URL?    If not, you'll get a certificate error.

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor I
Posts: 9
Registered: ‎04-18-2011

Re: import server, CA certificate

I have to check this.

but I am using the ip address to logon

 

regards

 

Aruba
Posts: 1,643
Registered: ‎04-13-2009

Re: import server, CA certificate

That would be the reason.  The IP does not match the name the certificate is issued to. 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor I
Posts: 9
Registered: ‎04-18-2011

Re: import server, CA certificate

will the certificate only work when you use name of the device? Or can we do it also with ip address?

Aruba
Posts: 1,643
Registered: ‎04-13-2009

Re: import server, CA certificate

 

You should be able to use an IP as the common name of a certificate if you'd prefer (if that is your question); but they are typically FQDNs.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

New Contributor
Posts: 2
Registered: ‎08-23-2011

Re: import server, CA certificate

Thank-you.  This was very helpful. 


clembo wrote:

You should be able to do either method.    I usually add them separately, but if there is an intermediate issuing CA, you may need to chain that before importing.    See Aruba KB https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-772 for more information.   

 

Other commentary on this here in the community:

 

 



clembo wrote:

You should be able to do either method.    I usually add them separately, but if there is an intermediate issuing CA, you may need to chain that before importing.    See Aruba KB https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-772 for more information.   

 

Other commentary on this here in the community:

 

 




Search Airheads
Showing results for 
Search instead for 
Did you mean: