Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Virtual Controller Web UI Certificate

This thread has been viewed 63 times

  • 1.  Virtual Controller Web UI Certificate

    Posted Sep 16, 2021 11:04 AM

    Hello everyone,

    I am having some trouble getting an SSL certificate installed on our virtual controller (instant.arubanetworks.com). I would like to use this for secure connections for admins logging in via web browser for management. I have been able to get the CA certificate installed, but when I attempt to install a new Web UI certificate I get the following error. I am using an internal CA to generate the certificate.

    Any help would be greatly appreciated. 

    Thanks!



  • 2.  RE: Virtual Controller Web UI Certificate

    EMPLOYEE
    Posted Sep 17, 2021 10:27 AM
    There is probably something wrong with how your formatted the certificate for the upload. What is the format/type you use?

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 3.  RE: Virtual Controller Web UI Certificate

    Posted Sep 17, 2021 11:39 AM
    The format I tried to use was a .cer. I tried a .pem as well but it still seems to give me the same error.
    Original Message


  • 4.  RE: Virtual Controller Web UI Certificate

    MVP GURU
    Posted Sep 19, 2021 04:59 AM
    you have the private key on the pem ?

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------

    Original Message


  • 5.  RE: Virtual Controller Web UI Certificate

    EMPLOYEE
    Posted Sep 20, 2021 07:22 AM
    I've seen one occurrence of this same message, and in that case, it was the formatting of the file that was imported. If you do PEM/CRT (Base64), make sure you follow this structure:
    -----BEGIN CERTIFICATE-----
    Public signed Key
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    Intermediate Primary CA
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    Intermediate Secondary CA
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY----
    Private Key
    -----END PRIVATE KEY-----

    Working with your Aruba partner, or Aruba Support should get the issue found, or a proper file to be imported created quickly. I can have a look at it, but I would not recommend sharing your private key with someone on a forum.


    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 6.  RE: Virtual Controller Web UI Certificate

    Posted Sep 23, 2021 01:43 PM
    I think this is the issue. When I inspect the certificate in a text editor, I am only seeing the certificate but no private key. I guess the plan is to try and figure out where the private key goes when this was generated.

    Original Message:
    Sent: Sep 20, 2021 07:22 AM
    From: Herman Robers
    Subject: Virtual Controller Web UI Certificate

    I've seen one occurrence of this same message, and in that case, it was the formatting of the file that was imported. If you do PEM/CRT (Base64), make sure you follow this structure:
    -----BEGIN CERTIFICATE-----
    Public signed Key
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    Intermediate Primary CA
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    Intermediate Secondary CA
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY----
    Private Key
    -----END PRIVATE KEY-----

    Working with your Aruba partner, or Aruba Support should get the issue found, or a proper file to be imported created quickly. I can have a look at it, but I would not recommend sharing your private key with someone on a forum.


    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

    Original Message


  • 7.  RE: Virtual Controller Web UI Certificate

    EMPLOYEE
    Posted Sep 24, 2021 04:54 AM
    Ah, you generated the CSR on a switch? I think the Aruba switches (AOS-CX and ArubaOS-Switch) don't support the export of the private key. You should probably not use a switch to create a CSR.

    If you have a system with OpenSSL, like a Mac, Linux system, or install OpenSSL on Windows, you can use this procedure to generate a CSR with OpenSSL.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 8.  RE: Virtual Controller Web UI Certificate

    Posted Sep 24, 2021 09:18 AM
    Sorry for the confusion, I did make generate the CSR on our local CA (I forgot which device I was talking about for a moment). I think we are going to go ahead and use OpenSSL to get the proper cert that we need for this.
    Original Message


  • 9.  RE: Virtual Controller Web UI Certificate

    EMPLOYEE
    Posted Sep 24, 2021 09:31 AM
    Normally, the key and CSR are generated on the same device. If it was your local CA, that may have the key as well..

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message