IAP 4.1 and later versions
AMP 8.0 and above versions
The latest IAP version supports uploading a customized captive portal server certificate in PEM or PKCS#12 format. The captive portal server certificate verifies the internal captive portal server's identity to the client.
The Airwave Management server (AMP) can be used to manage IAP certificates such as the server certificate and the captive portal server certificate.
The AMP performs basic certificate verification (such as certificate type, format, version, serial number and so on) before accepting the certificate and uploading it to an IAP network. The AMP packages the text of the certificate into an HTTPS message and sends it to the Virtual Controller (VC). After the VC receives this message, it extracts the certificate content from the message, converts it to the right format, and saves it.
Note: The user **MUST** resolve configuration audit mismatches for the IAP VC before performing the activity below, to avoid an unexpected configuration push to the IAP VC. Contact Aruba Support if you need help resolving a mismatch for the IAP.
Note: When using template-based configuration management for IAP, ensure the template has the line "%captive_portal_cert_checksum%". This line forces AMP to audit and push the captive portal certificate to the VC.
The AMP log file /var/log/igc/igc.log shows AMP's progress in pushing the captive portal certificate to the IAP.
2016-09-09 16:07:26,134 INFO Group com.airwave.config.services.GroupService change type[update] for table[ap_group]
2016-09-09 16:07:26,135 INFO Message com.airwave.config.services.MessageService sending:
2016-09-09 16:07:42,130 INFO Core com.airwave.config.services.MessageService Received message with type: config
2016-09-09 16:07:42,191 INFO Message com.airwave.config.services.MessageService sending:
2016-09-09 16:07:42,508 INFO Message com.airwave.config.services.MessageService sending:
2016-09-09 16:07:58,421 INFO Core com.airwave.config.services.MessageService Received message with type: config
2016-09-09 16:07:58,460 INFO Message com.airwave.config.services.MessageService sending:
To debug AMP swarm messages, enable qlog debug for swarm_debug and decode the swarm debug file for the commands topic. Below are example messages from AMP to the IAP showing the captive portal certificate install.
commands topic log file:
Fri Sep 9 16:07:42 2016 (1473462462.052058)
cmd => [
guid => 'ab9474ed01b3aecbb190ebadea59663faed56759c2c4f700d7'
Fri Sep 9 16:07:54 2016 (1473462474.303502)
'-----BEGIN RSA PRIVATE KEY-----
The IAP CLI command "show cpcert" confirms the captive portal certificate in use.
I was hoping I would come across some info as to why importing the pem file wasn't working in Airwave for IAP Captive Portal. I was able to answer the question and wanted to post in case someone else had the same issue.
Airwave requires the private key in the pem file to be *not* encrypted. If you have an encrypted private key in your pem file, Airwave will not accept this file format. You will need to re-create your cert / private key with a non-encrypted pkey and try again.
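A pre-upload check for the condition described in the comment above, added here as an example and not part of the original article, the comment, or AMP's own verification. It inspects a PEM bundle as text and reports an encrypted private key in either encoding (the PKCS#8 `ENCRYPTED PRIVATE KEY` label or the traditional OpenSSL `Proc-Type: 4,ENCRYPTED` header); the function name and the sample bundles are constructed for illustration.

```python
import re

# One PEM block: label, then optional RFC 1421 headers plus the base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)


def inspect_pem(text):
    """Return (cert_count, key_count, problems) for a PEM bundle given as text."""
    certs, keys, problems = 0, 0, []
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            certs += 1
        elif label.endswith("PRIVATE KEY"):
            keys += 1
            # PKCS#8 encrypted keys carry their own label; traditional
            # OpenSSL keys mark encryption with a Proc-Type header.
            if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
                problems.append("private key is encrypted (%s)" % label)
    if certs == 0:
        problems.append("no CERTIFICATE block found")
    if keys == 0:
        problems.append("no private key block found")
    return certs, keys, problems


def _block(label, headers=""):
    # Constructed placeholder body (base64 of "CONSTRUCTED"), not real key material.
    return "-----BEGIN %s-----\n%sQ09OU1RSVUNURUQ=\n-----END %s-----\n" % (
        label, headers, label)


# Constructed sample bundles covering the accepted and the two rejected shapes.
GOOD = _block("CERTIFICATE") + _block("RSA PRIVATE KEY")
LEGACY_ENC = _block("CERTIFICATE") + _block(
    "RSA PRIVATE KEY",
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC," + "0" * 32 + "\n\n")
PKCS8_ENC = _block("CERTIFICATE") + _block("ENCRYPTED PRIVATE KEY")

if __name__ == "__main__":
    for name, pem in (("good", GOOD), ("legacy-encrypted", LEGACY_ENC),
                      ("pkcs8-encrypted", PKCS8_ENC)):
        print(name, inspect_pem(pem))
```

The decoded commands topic excerpt on this page includes the `-----BEGIN RSA PRIVATE KEY-----` line, so both the unencrypted PEM file and any swarm debug output from the push should be handled as key material.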