Adding certificate to AirWave

  • 1.  Adding certificate to AirWave

    Posted Dec 19, 2020 12:00 AM

    I am trying to add a certificate to AirWave (v.8.2.11.2) to use encryption when authenticating with LDAP.  My system admin gave me a .cer certificate and when I try to add the certificate, I get "Invalid Certificate file for 'CER' format." I tried adding with and without a passphrase and combination of "Types" (Intermediate CA, Trusted CA, etc.)

    The certificate is valid as well. Any help would be appreciated. 



    ------------------------------
    Ken S.
    ------------------------------


  • 2.  RE: Adding certificate to AirWave

    MVP EXPERT
    Posted Dec 20, 2020 04:53 PM

    Hi KenS,

    To import a certificate in .CER format, it's important that you also have the private key, CA root and intermediate certificates.

    The easiest way is to ask your system admin to deliver the certificate as PKCS12 or PFX, which can contain all necessary certificates.

    ------------------------------
    Marcel Koedijk | MVP Expert 2020 | ACMP | ACCP | Ekahau ECSE
    ------------------------------



  • 3.  RE: Adding certificate to AirWave

    Posted Dec 21, 2020 08:41 AM

    Thank you Marcel.  I will look into it.  



    ------------------------------
    Ken Sauter
    ------------------------------



  • 4.  RE: Adding certificate to AirWave

    EMPLOYEE
    Posted Dec 21, 2020 05:59 AM

    Can you get the certificate in a different format? The problem with .CER is that it is not really a well-defined format; in many cases it is PEM or DER format but with a .cer extension.

    You can try to rename the file to .pem and import as PEM, or rename to .der and import as DER if .pem doesn't work.

    If you open the file in a text editor and it is readable and has a line like -----BEGIN CERTIFICATE----- in it, it is PEM format; if it is binary junk, it is likely DER.

    I prefer to use PEM for most purposes as it provides the least issues, and .p12 if it includes a private key like in a server or client certificate.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 5.  RE: Adding certificate to AirWave

    Posted Dec 21, 2020 08:45 AM

    Thank you Herman.  I did try to rename the certificate and import it, but no luck.  Do you know what type of certificate I should import as? Intermediate CA, Server Cert, etc?  The certificate provided was a tertiary certificate from the root.  



    ------------------------------
    Ken Sauter
    ------------------------------



  • 6.  RE: Adding certificate to AirWave

    EMPLOYEE
    Posted Dec 21, 2020 09:40 AM

    You should import the Root CA as 'Trusted CA' and might need to install the intermediate(s) as Intermediate CA. If it is a PEM file (with BEGIN CERTIFICATE sections), you can peel it apart, but importing it as Trusted CA at once might work.

    If what you have only has BEGIN CERTIFICATE sections, so no PRIVATE KEY section, you can share it as a personal reply to me and I can have a quick look and try to import in my lab Airwave.



    ------------------------------
    Herman Robers
    ------------------------------



  • 7.  RE: Adding certificate to AirWave

    Posted Dec 21, 2020 10:06 AM

    So it sounds like I would need to import 2 certificates, the root and the intermediate that I have already.  But it would be better if the certificates were in p12 or pfx.  

    The cert is not a PEM.  I get binary stuff when I open the .cer and renamed .dem.  



    ------------------------------
    Ken Sauter
    ------------------------------



  • 8.  RE: Adding certificate to AirWave

    EMPLOYEE
    Posted Dec 21, 2020 11:48 AM

    If you use your favorite search engine to search for 'convert der to pem' there are online tools and openssl commands to perform that. If you have PEM format you can at least read what is in there.

    Or ask your admin to provide the certificates in PEM/Base64 format.



    ------------------------------
    Herman Robers
    ------------------------------
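
The text-editor check from post 4 and the DER-to-PEM conversion from post 8, as an added Python example that is not part of the thread or of any Aruba tooling. It also recognises the PKCS#7 (.p7b) container, going beyond the PEM/DER case; all function names are hypothetical and the sample byte strings are constructed stand-ins, not real certificates.

```python
import re
import ssl

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)
# DER bytes of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData), used by .p7b bundles.
P7_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")

def der_body_offset(data):
    """Offset of the outer SEQUENCE body, or None if not one whole DER SEQUENCE."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    if data[1] < 0x80:                       # short-form length
        length, offset = data[1], 2
    else:                                    # long form: next n bytes hold the length
        n = data[1] & 0x7F
        if not 1 <= n <= 4 or len(data) < 2 + n:
            return None
        length, offset = int.from_bytes(data[2:2 + n], "big"), 2 + n
    return offset if offset + length == len(data) else None

def classify(data):
    """Return (kind, pem_labels) for the raw bytes of a '.cer' file."""
    labels = [m.group(1).decode() for m in PEM_BLOCK.finditer(data)]
    if labels:
        return "PEM", labels
    offset = der_body_offset(data)
    if offset is None:
        return "unknown", []
    if data.startswith(P7_SIGNED_DATA, offset):
        return "DER-PKCS7", []
    # Heuristic: a certificate's body starts with the tbsCertificate SEQUENCE
    # (a CSR or CRL has the same outer shape).
    return ("DER-X509", []) if data[offset:offset + 1] == b"\x30" else ("unknown", [])

def has_private_key(labels):
    """True if any PEM section is a private key, i.e. the file must not be shared."""
    return any(label.endswith("PRIVATE KEY") for label in labels)

def to_pem(data):
    """PEM text for PEM input or a single DER certificate."""
    kind, _ = classify(data)
    if kind == "PEM":
        return data.decode("ascii")
    if kind == "DER-X509":
        return ssl.DER_cert_to_PEM_cert(data)
    raise ValueError(f"{kind}: extract the certificates before importing")

# Constructed stand-ins (structurally shaped, not real certificates).
SAMPLE_DER = bytes.fromhex("30053003020101")
SAMPLE_P7B = b"\x30\x0b" + P7_SIGNED_DATA
SAMPLE_KEY_PEM = b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
```

Reading the real file with `open(path, "rb").read()` and passing the bytes to `classify` shows which import format to select and whether the file carries a private key before it is sent to anyone.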



  • 9.  RE: Adding certificate to AirWave

    Posted Dec 21, 2020 11:59 AM

    I am a little limited as to what I can do since I am not admin on my VM while working remotely.  My admin was able to provide a .p7b, but I didn't have much luck adding the certificate. 

    I can ask for PEM/Base64, but would a .p7b work?  



    ------------------------------
    Ken Sauter
    ------------------------------



  • 10.  RE: Adding certificate to AirWave

    EMPLOYEE
    Posted Dec 22, 2020 04:58 AM

    If you share the DER/CER/p7b in a personal message, I can have a look if I can import it in my Airwave.



    ------------------------------
    Herman Robers
    ------------------------------



  • 11.  RE: Adding certificate to AirWave

    MVP EXPERT
    Posted Dec 22, 2020 04:04 PM

    Hi Ken,

    On re-reading your post, I see you would like to use a certificate for LDAP, probably for secure LDAP over SSL on port 636. Based on this, I tested it for you in my homelab. LDAP (389) works, but LDAP over SSL was not working for me (with the needed CA cert imported). I ended up at the Aruba Instant 8.7.0.x User Guide, where it is noted that LDAP over SSL is currently not supported on Aruba Instant.

    https://support.hpe.com/hpesc/public/docDisplay?docId=a00101274en_us

    (page 233)

    What would you like to use LDAP for? As an authentication source in your Instant virtual clusters, or for login at the management page of Airwave? You could also consider TACACS or RADIUS as a better alternative.

    ------------------------------
    Marcel Koedijk | MVP Expert 2020 | ACMP | ACCP | Ekahau ECSE
    ------------------------------



  • 12.  RE: Adding certificate to AirWave

    MVP EXPERT
    Posted Dec 28, 2020 06:43 PM

    Hi Ken,

    One more thing... I was testing Airwave 8.2.12.0 with LDAP over SSL (LDAPS) for login with AD credentials from the Airwave Management GUI.

    I ran into an issue where LDAP on port 389 (unsecured) works, but when changing to port 636 (LDAP over SSL) with certificate validation, it fails. Sadly, it cost me some days to figure out this is a "known issue" in the release notes at the moment :(.

    https://support.hpe.com/hpesc/public/docDisplay?docId=a00108210en_us

    LDAP over SSL without certificate validation will work fine, but is less secure.



    ------------------------------
    Marcel Koedijk | MVP Expert 2020 | ACMP | ACCP | Ekahau ECSE
    ------------------------------



  • 13.  RE: Adding certificate to AirWave