6.5.1.5 is getting a bit of age on it. It looks to predate a security bulletin from 2017, and contains a vulnerability. Here's the link to the notice:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdfAt a guess, I think you're right - the certificate is out of date. Some browsers will let you bypass this, while others won't. The same happens with self-signed certificates.
For security reasons, you should consider upgrading the IAP firmware. Newer releases are also more feature-rich. The same goes for the Firefox version. Lots of vulnerabilities are continually being discovered, so keeping up to date is key.
You will need to be able to login to the Aruba Support Portal with permissions to download the firmware. The support costs for the IAPs are fairly nominal.
------------------------------
Timothy Leadbetter
ACMP, ACSP, ACCA
CWNA, CWDP
ECSE-Design
------------------------------
Original Message:
Sent: Apr 08, 2021 06:30 PM
From: Joshua Imobersteg
Subject: Can No Longer Access the IAP WebUI via Firefox
I am pretty sure that this is related to certs, but wanted to double check what I can do here considering the relatively strict requirements I'm dealing with. I have a product that integrates the IAP-315 with older firmware installed (6.5.1.5-4.3.1.9) and an older version of firefox (52.8.0).
I am trying to access the WebUI to update the firmware via USB plugged into the host system. FW updated cannot be done via internet (ethernet connection is only to the host PC) and cannot be done via CLI (no FTP/TFTP server available on the host PC and no HTTP URL available).
Even after the certificate expiry notification in 2019, I have never had this particular problem:
1. Open up terminal window and firefox (test with both normal operation and in safe-mode) to the IP address of the IAP
2. Firefox opens with a "Your Connection is Not Secure" error
3. Click on "Advanced" and see that it is an invalid cert issue (was working fine a few months ago).
4. I go to add an exception like I normally do
5. Instead of refreshing to the login page of the WebUI, I see a new "Secure Connection Failed" page that I've never seen before:
"An error occurred during a connection to <ipAddress>. Security Library Failure. Error code: sec_error_library_failure"
Up until recently, this has worked without any issues in any way.
So far I have tried clearing the cert exceptions and manually entering it, I've tried doing the same in normal and safe-mode for firefox, and I've tried refreshing firefox. Nothing has worked so far.
Are there any particular options? Possibly in the firefox configurations?
Unfortunately, I have a number of restrictions due to the product the IAP is being integrated into due to version control and other such things.
1. Updating the version of firefox is not permitted
2. Installing a different browser is not permitted
I am permitted to change the firefox configs, however.
I check on my PC with the same physical IAP215 and do not have the issue at all with the newest version of firefox, so I think there is something going with the firefox config or the version Do I have any options available to me here? Is there something specific to this combination of firefox version and IAP315 firmware that I can use to make this work again?
------------------------------
Joshua Imobersteg
------------------------------