Network Management

Hi all,

(apologies if in wrong forum)

I have a query regarding the advisory posted about the Aruba Activate certificate change: Aruba Support Portal (arubanetworks.com)

We currently have internal controllers and APs running 8.3.0.14 and DMZ/external MC/MM/RAPs running 8.5.0.12. (an upgrade is planned for both to bring them in-line)

From what I read of the advisory, our current devices are all covered for the new certificate. However, we have a concern regarding the deployed RAPs. If they are factory reset, they go back to the factory-OS version of 6.5.4.3 which is listed as an affected product.

Therefore for any resets, we would need to have them shipped into the office for local update rather than cloud provision. Does anyone have any documentation/links that refer to a method of updating the base OS cert for deployed RAPs?

Thanks

------------------------------
John Rehill
------------------------------

I was going to follow up on this post however I've now found that the advisory that I linked to no longer exists.

Does anyone have any other links with this advisory?

------------------------------
John Rehill
------------------------------

Original Message:
Sent: Aug 11, 2021 09:46 PM
From: John Rehill
Subject: Aruba Activiate certificate change query

Hi all,

(apologies if in wrong forum)

I have a query regarding the advisory posted about the Aruba Activate certificate change: Aruba Support Portal (arubanetworks.com)

We currently have internal controllers and APs running 8.3.0.14 and DMZ/external MC/MM/RAPs running 8.5.0.12. (an upgrade is planned for both to bring them in-line)

From what I read of the advisory, our current devices are all covered for the new certificate. However, we have a concern regarding the deployed RAPs. If they are factory reset, they go back to the factory-OS version of 6.5.4.3 which is listed as an affected product.

Therefore for any resets, we would need to have them shipped into the office for local update rather than cloud provision. Does anyone have any documentation/links that refer to a method of updating the base OS cert for deployed RAPs?

Thanks

------------------------------
John Rehill
------------------------------

hmm turns out that it was hidden even though I was logged in... I've found it again and attached the pdf just in case

------------------------------
John Rehill
------------------------------

Original Message:
Sent: Aug 23, 2021 07:54 PM
From: John Rehill
Subject: Aruba Activiate certificate change query

I was going to follow up on this post however I've now found that the advisory that I linked to no longer exists.

Does anyone have any other links with this advisory?

------------------------------
John Rehill

Original Message:
Sent: Aug 11, 2021 09:46 PM
From: John Rehill
Subject: Aruba Activiate certificate change query

Hi all,

(apologies if in wrong forum)

I have a query regarding the advisory posted about the Aruba Activate certificate change: Aruba Support Portal (arubanetworks.com)

We currently have internal controllers and APs running 8.3.0.14 and DMZ/external MC/MM/RAPs running 8.5.0.12. (an upgrade is planned for both to bring them in-line)

From what I read of the advisory, our current devices are all covered for the new certificate. However, we have a concern regarding the deployed RAPs. If they are factory reset, they go back to the factory-OS version of 6.5.4.3 which is listed as an affected product.

Therefore for any resets, we would need to have them shipped into the office for local update rather than cloud provision. Does anyone have any documentation/links that refer to a method of updating the base OS cert for deployed RAPs?

Thanks

------------------------------
John Rehill
------------------------------

I'm not aware of a way to upgrade the backup OS Instant partition on RAPs that are running in RAP mode with a controller.

Aruba support may help with that and have a solution.

Are you using Activate to redirect the APs to your controller and become a RAP?

What will work after a factory reset to a version if Instant that cannot connect to Activate, is that the user will connect to the instant/SetMeUp SSID, then login as admin/admin (for 6.x release), go in maintenance, and convert AP to RAP and your controller. Steps are not too hard, and maybe better than shipping back the AP, although when shipping back you can do an upgrade twice of the Instant firmware (twice to get the backup partition to a supported version) before you re-provision.

Do users factory reset these APs often??

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Aug 23, 2021 11:50 PM
From: John Rehill
Subject: Aruba Activiate certificate change query

hmm turns out that it was hidden even though I was logged in... I've found it again and attached the pdf just in case

------------------------------
John Rehill

Original Message:
Sent: Aug 23, 2021 07:54 PM
From: John Rehill
Subject: Aruba Activiate certificate change query

I was going to follow up on this post however I've now found that the advisory that I linked to no longer exists.

Does anyone have any other links with this advisory?

------------------------------
John Rehill

Original Message:
Sent: Aug 11, 2021 09:46 PM
From: John Rehill
Subject: Aruba Activiate certificate change query

Hi all,

(apologies if in wrong forum)

I have a query regarding the advisory posted about the Aruba Activate certificate change: Aruba Support Portal (arubanetworks.com)

We currently have internal controllers and APs running 8.3.0.14 and DMZ/external MC/MM/RAPs running 8.5.0.12. (an upgrade is planned for both to bring them in-line)

From what I read of the advisory, our current devices are all covered for the new certificate. However, we have a concern regarding the deployed RAPs. If they are factory reset, they go back to the factory-OS version of 6.5.4.3 which is listed as an affected product.

Therefore for any resets, we would need to have them shipped into the office for local update rather than cloud provision. Does anyone have any documentation/links that refer to a method of updating the base OS cert for deployed RAPs?

Thanks

------------------------------
John Rehill
------------------------------

For your first question, yes, we are using Activate to redirect any RAPs to our internal controllers. I'm aware that they get an initial upgrade once they hit activate and then once they hit our controllers, they also get an upgrade (technically a slight downgrade it seems).

Since we have used this method with all our RAPs, would this be the upgrade twice so the new certificate should be in place?

As for your second question, we only moved to using Activate last year in conjunction with new controller implementations and once the initial migration was all done, we've only had to two one or two RAPs of the fleet we have deployed by an end-user.

It's more a just-in-case scenario similar to major system backups. You hope to never have to use the solution but it's good to know you have it. And there's always the little concern if it'll actually work in crunch time.

------------------------------
John Rehill
------------------------------

Original Message:
Sent: Aug 24, 2021 05:27 AM
From: Herman Robers
Subject: Aruba Activiate certificate change query

I'm not aware of a way to upgrade the backup OS Instant partition on RAPs that are running in RAP mode with a controller.

Aruba support may help with that and have a solution.

Are you using Activate to redirect the APs to your controller and become a RAP?

What will work after a factory reset to a version if Instant that cannot connect to Activate, is that the user will connect to the instant/SetMeUp SSID, then login as admin/admin (for 6.x release), go in maintenance, and convert AP to RAP and your controller. Steps are not too hard, and maybe better than shipping back the AP, although when shipping back you can do an upgrade twice of the Instant firmware (twice to get the backup partition to a supported version) before you re-provision.

Do users factory reset these APs often??

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Aug 23, 2021 11:50 PM
From: John Rehill
Subject: Aruba Activiate certificate change query

hmm turns out that it was hidden even though I was logged in... I've found it again and attached the pdf just in case

------------------------------
John Rehill

Original Message:
Sent: Aug 23, 2021 07:54 PM
From: John Rehill
Subject: Aruba Activiate certificate change query

I was going to follow up on this post however I've now found that the advisory that I linked to no longer exists.

Does anyone have any other links with this advisory?

------------------------------
John Rehill

Original Message:
Sent: Aug 11, 2021 09:46 PM
From: John Rehill
Subject: Aruba Activiate certificate change query

Hi all,

(apologies if in wrong forum)

I have a query regarding the advisory posted about the Aruba Activate certificate change: Aruba Support Portal (arubanetworks.com)

We currently have internal controllers and APs running 8.3.0.14 and DMZ/external MC/MM/RAPs running 8.5.0.12. (an upgrade is planned for both to bring them in-line)

From what I read of the advisory, our current devices are all covered for the new certificate. However, we have a concern regarding the deployed RAPs. If they are factory reset, they go back to the factory-OS version of 6.5.4.3 which is listed as an affected product.

Therefore for any resets, we would need to have them shipped into the office for local update rather than cloud provision. Does anyone have any documentation/links that refer to a method of updating the base OS cert for deployed RAPs?

Thanks

------------------------------
John Rehill
------------------------------

Best to work with support, if you need assistance in working out this scenario. They might know things that I'm not aware of.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Aug 24, 2021 09:48 PM
From: John Rehill
Subject: Aruba Activiate certificate change query

For your first question, yes, we are using Activate to redirect any RAPs to our internal controllers. I'm aware that they get an initial upgrade once they hit activate and then once they hit our controllers, they also get an upgrade (technically a slight downgrade it seems).

Since we have used this method with all our RAPs, would this be the upgrade twice so the new certificate should be in place?

As for your second question, we only moved to using Activate last year in conjunction with new controller implementations and once the initial migration was all done, we've only had to two one or two RAPs of the fleet we have deployed by an end-user.

It's more a just-in-case scenario similar to major system backups. You hope to never have to use the solution but it's good to know you have it. And there's always the little concern if it'll actually work in crunch time.

------------------------------
John Rehill

Original Message:
Sent: Aug 24, 2021 05:27 AM
From: Herman Robers
Subject: Aruba Activiate certificate change query

I'm not aware of a way to upgrade the backup OS Instant partition on RAPs that are running in RAP mode with a controller.

Aruba support may help with that and have a solution.

Are you using Activate to redirect the APs to your controller and become a RAP?

What will work after a factory reset to a version if Instant that cannot connect to Activate, is that the user will connect to the instant/SetMeUp SSID, then login as admin/admin (for 6.x release), go in maintenance, and convert AP to RAP and your controller. Steps are not too hard, and maybe better than shipping back the AP, although when shipping back you can do an upgrade twice of the Instant firmware (twice to get the backup partition to a supported version) before you re-provision.

Do users factory reset these APs often??

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Aug 23, 2021 11:50 PM
From: John Rehill
Subject: Aruba Activiate certificate change query

hmm turns out that it was hidden even though I was logged in... I've found it again and attached the pdf just in case

------------------------------
John Rehill

Original Message:
Sent: Aug 23, 2021 07:54 PM
From: John Rehill
Subject: Aruba Activiate certificate change query

I was going to follow up on this post however I've now found that the advisory that I linked to no longer exists.

Does anyone have any other links with this advisory?

------------------------------
John Rehill

Original Message:
Sent: Aug 11, 2021 09:46 PM
From: John Rehill
Subject: Aruba Activiate certificate change query

Hi all,

(apologies if in wrong forum)

I have a query regarding the advisory posted about the Aruba Activate certificate change: Aruba Support Portal (arubanetworks.com)

We currently have internal controllers and APs running 8.3.0.14 and DMZ/external MC/MM/RAPs running 8.5.0.12. (an upgrade is planned for both to bring them in-line)

From what I read of the advisory, our current devices are all covered for the new certificate. However, we have a concern regarding the deployed RAPs. If they are factory reset, they go back to the factory-OS version of 6.5.4.3 which is listed as an affected product.

Therefore for any resets, we would need to have them shipped into the office for local update rather than cloud provision. Does anyone have any documentation/links that refer to a method of updating the base OS cert for deployed RAPs?

Thanks

------------------------------
John Rehill
------------------------------