Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

Replacing instant cluster https certificate

  • 1.  Replacing instant cluster https certificate

    MVP EXPERT
    Posted Aug 26, 2021 11:49 AM
    I have a long-standing issue with replacing the https cert on my instant cluster (8.8.0.1), but it has been happening in every previous release.

    I create an appropriate upload file by

    Copying  cert into file1.pem

    Append the cert CA chain by cat <cachain.pem >>file1.pem

    Append the key by typing

    cat <keyfile.pem >>file1.pem

    File1.pem then has

    I then upload this file onto the instant cluster VC

    If I get the format of the file wrong, then when I log back onto the VC the https cert used is still the old one, but more annoyingly if I go to management/certificates you cannot see the certs on the VC, the web page just blanks out.

    The last time I fixed this by using AirWave to upload the cert but that is no longer possible.

    Can you upload a new cert via the CLI?


    Rgds
    Alex

    ------------------------------
    Alex Sharaz
    ------------------------------


  • 2.  RE: Replacing instant cluster https certificate

    EMPLOYEE
    Posted Aug 27, 2021 02:19 AM
    What platform are you doing this on? I know Windows can sometimes do silly things with text files, like adding hidden characters such as line breaks etc.
    The process you describe is pretty much how I do it and it works fine for me.

    ------------------------------
    Michael Clarke (Aruba)
    ------------------------------



  • 3.  RE: Replacing instant cluster https certificate

    MVP EXPERT
    Posted Aug 27, 2021 03:46 AM
    Hi Michael

    It's macOS

    but just tried it in Firefox on Win 10 and same result .. and Safari on macOS

    You start off by getting the normal view without the installed cert details but then it all just vanishes.

    Although it's a blank page, view web page source gives, so it's browser independent






  • 4.  RE: Replacing instant cluster https certificate

    EMPLOYEE
    Posted Aug 27, 2021 07:32 AM
    It seems that you can download the certificate from a tftp server from the CLI: https://www.arubanetworks.com/techdocs/Instant_83_WebHelp/Content/Instant_UG/Authentication/Certificates.htm (you may need to scroll to the right to see all the options)

    What may work as well, is to try and upload the certificate as captive portal certificate first, until you get the certificate import right, as that upload will not affect your WebUI.

    Did you check the resulting pem file? Can you make sure that you don't miss any newlines between the certificates/key? And that the file ends with a newline as well? PEM files are normal text files, so you can use any editor to view/edit them. Check this article on what the file should look like.

    If all looks good, you may also try to use the decrypted version of your key (if you have it encrypted). Apparently, not all types of key encryption are supported by Instant.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
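
The file checks suggested in the reply above (newlines between the certificates and key, a final newline, hidden Windows line endings, an encrypted key) can be run before uploading. The following is an added example, not part of the original thread and not Aruba code; the function name, the sample data, and the assumed order (certificate, CA chain, key last, as in the first post) are assumptions made for illustration.

```python
import re

# A PEM boundary must be alone on its line: -----BEGIN <LABEL>----- or -----END <LABEL>-----
MARKER = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

def lint_pem_bundle(data: bytes) -> list:
    """Return structural problems found in a cert + CA chain + key bundle."""
    problems, blocks, current = [], [], None
    if b"\r" in data:
        problems.append("carriage returns present (Windows line endings)")
    if not data.endswith(b"\n"):
        problems.append("file does not end with a newline")
    text = data.decode("ascii", "replace").replace("\r", "")
    for n, line in enumerate(text.split("\n"), 1):
        m = MARKER.match(line)
        if m is None:
            if "-----" in line:  # e.g. END and BEGIN fused by a missing newline
                problems.append(f"line {n}: boundary marker not alone on its line")
            elif line.startswith("Proc-Type:") and "ENCRYPTED" in line:
                problems.append(f"line {n}: private key is encrypted")
            continue
        kind, label = m.groups()
        if kind == "BEGIN":
            if current is not None:
                problems.append(f"line {n}: BEGIN {label} inside open {current} block")
            current = label
        elif label == current:
            blocks.append(label)  # one complete BEGIN/END pair
            current = None
        else:
            problems.append(f"line {n}: END {label} has no matching BEGIN")
            current = None
    if current is not None:
        problems.append(f"{current} block is never closed")
    keys = [b for b in blocks if b.endswith("PRIVATE KEY")]
    if "ENCRYPTED PRIVATE KEY" in keys:
        problems.append("private key is encrypted")
    if "CERTIFICATE" not in blocks:
        problems.append("no complete CERTIFICATE block")
    if len(keys) != 1 or blocks[-1:] != keys:
        problems.append("expected exactly one private key, placed last")
    return problems

# Constructed sample data: the bodies are placeholders, not real key material.
def sample_block(label, body="Q09OU1RSVUNURUQ="):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

GOOD = (sample_block("CERTIFICATE") * 2 + sample_block("PRIVATE KEY")).encode()
NO_FINAL_NEWLINE = GOOD.rstrip(b"\n")
FUSED = GOOD.replace(b"-----\n-----BEGIN", b"----------BEGIN", 1)
```

To check a real file, call `lint_pem_bundle(open("file1.pem", "rb").read())`; an empty list means the structure is sound, not that the certificate, chain and key actually belong together.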



  • 5.  RE: Replacing instant cluster https certificate

    MVP EXPERT
    Posted Aug 27, 2021 08:34 AM
    Many thanks for this Herman.

    The cert is a letsencrypt cert that I use.

    Something to do tonight

    :-)

    Still think the GUI shouldn’t blank out on you

    Rgds
    Alex




  • 6.  RE: Replacing instant cluster https certificate

    MVP EXPERT
    Posted Aug 27, 2021 11:19 AM
    Well

    found the clear cert command and tried


    clear-cert cp

    but get the response


    only can execute with no cert assignment

    Then checked my concatenated cert/ca/key pem file and yup, there was a return missing off the end of it

    So …

    Tried


    copy tftp 192.168.2.4 arubavc-instant.pem cpserver cert fred format pem
    ^
    % Parse error




  • 7.  RE: Replacing instant cluster https certificate

    MVP EXPERT
    Posted Aug 27, 2021 11:40 AM
    O.k., so a sh tech-support shows that my new cert is actually on the instant AP … it's just not been assigned to anything

    so if I can find the commands to associate my cert with the user interface/captive portal etc. I should be o.k.




  • 8.  RE: Replacing instant cluster https certificate

    EMPLOYEE
    Posted Aug 28, 2021 05:00 AM
    Looks like it is 'wlan cert-assignment-profile'.  https://www.arubanetworks.com/techdocs/CLI-Bank/Content/instant/wlan%20cert-assignment-profile.htm?Highlight=cert-assignment

    ------------------------------
    Michael Clarke (Aruba)
    ------------------------------



  • 9.  RE: Replacing instant cluster https certificate

    MVP EXPERT
    Posted Sep 02, 2021 07:03 AM
    Many thanks Michael
    and that worked. I’ve assigned my new Let's Encrypt cert to UI and captive portal, and can now log in to the VC without Firefox bleats about expired certs. However, from the GUI I still get a blank screen when I go to maint/certs, but now I know what to do from the CLI I can get round that

    Rgds
    Alex




  • 10.  RE: Replacing instant cluster https certificate

    Posted Oct 26, 2021 10:25 AM
    Hi,
    How did you associate the domain you selected on the Cert, with a domain on the AP?  My default is, https://securelogin.arubanetworks.com

    ------------------------------
    Christopher
    ------------------------------



  • 11.  RE: Replacing instant cluster https certificate

    EMPLOYEE
    Posted Oct 29, 2021 10:22 AM
    Please open a new discussion. This does not match the existing discussion, and it is unclear what you are trying to do. You should not use securelogin.arubanetworks.com, but your own certificate.

    ------------------------------
    Herman Robers
    ------------------------------