One more thing... I was testing Airwave 8.2.12.0 with LDAP over SSL (LDAPs) for login with AD credentials from the Airwave Management GUI.
I ran into an issue where LDAP on port 389 (unsecured) works, but when I change to port 636 (LDAP over SSL) with certificate validation, it fails. Sadly, it cost me some days to figure out that this is a "known issue" in the release notes at the moment :(.
LDAP over SSL without certificate validation will work fine, but is less secure.
Original Message:
Sent: Dec 22, 2020 04:03 PM
From: marcel koedijk
Subject: Adding certificate to AirWave
Hi Ken,
Re-reading your post, I see you would like to use a certificate for LDAP, probably for secure LDAP over SSL on port 636. Based on this case, I tested this for you in my homelab. LDAP (389) works, but LDAP over SSL was not working for me (with the needed CA cert imported). I ended up at the Aruba Instant 8.7.0.x User Guide, where it is noted that LDAP over SSL is currently not supported on Aruba Instant.
https://support.hpe.com/hpesc/public/docDisplay?docId=a00101274en_us
(page 233)
What would you like to use LDAP for? As an authentication source in your Instant virtual clusters, or for login at the management page of Airwave? You could also consider TACACS or RADIUS as a better alternative.
------------------------------
Marcel Koedijk | MVP Expert 2020 | ACMP | ACCP | Ekahau ECSE
Original Message:
Sent: Dec 22, 2020 04:58 AM
From: Herman Robers
Subject: Adding certificate to AirWave
If you share the DER/CER/p7b in a personal message, I can have a look if I can import it in my Airwave.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
Original Message:
Sent: Dec 21, 2020 11:58 AM
From: Ken Sauter
Subject: Adding certificate to AirWave
I am a little limited as to what I can do since I am not admin on my VM while working remotely. My admin was able to provide a .p7b, but I didn't have much luck adding the certificate.
I can ask for PEM/Base64, but would a .p7b work?
------------------------------
Ken Sauter
Original Message:
Sent: Dec 21, 2020 11:48 AM
From: Herman Robers
Subject: Adding certificate to AirWave
If you use your favorite search engine to search for 'convert der to pem' there are online tools and openssl commands to perform that. If you have PEM format you can at least read what is in there.
Or ask your admin to provide the certificates in PEM/Base64 format.
------------------------------
Herman Robers
Original Message:
Sent: Dec 21, 2020 10:06 AM
From: Ken Sauter
Subject: Adding certificate to AirWave
So it sounds like I would need to import 2 certificates, the root and the intermediate that I have already. But it would be better if the certificates were in p12 or pfx.
The cert is not a PEM. I get binary stuff when I open the .cer and renamed .dem.
------------------------------
Ken Sauter
Original Message:
Sent: Dec 21, 2020 09:40 AM
From: Herman Robers
Subject: Adding certificate to AirWave
You should import the Root CA as 'Trusted CA' and might need to install the intermediate(s) as Intermediate CA. If it is a PEM file (with BEGIN CERTIFICATE sections), you can peel it apart, but importing it as Trusted CA all at once might work.
If what you have only has BEGIN CERTIFICATE sections, so no PRIVATE KEY section, you can share it as a personal reply to me and I can have a quick look and try to import in my lab Airwave.
------------------------------
Herman Robers
Original Message:
Sent: Dec 21, 2020 08:44 AM
From: Ken Sauter
Subject: Adding certificate to AirWave
Thank you Herman. I did try to rename the certificate and import it, but no luck. Do you know what type of certificate I should import as? Intermediate CA, Server Cert, etc? The certificate provided was a tertiary certificate from the root.
------------------------------
Ken Sauter
Original Message:
Sent: Dec 21, 2020 05:59 AM
From: Herman Robers
Subject: Adding certificate to AirWave
Can you get the certificate in a different format? The problem with .CER is that it is not really a well-defined format; in many cases it is PEM or DER format but with a .cer extension.
You can try to rename the file to .pem and import as PEM, or rename to .der and import as DER if .pem doesn't work.
If you open the file in a text editor and it is readable and has a line like -----BEGIN CERTIFICATE----- in it, it is PEM format; if it is binary junk, it is likely DER.
I prefer to use PEM for most purposes as it provides the least issues, and .p12 if it includes a private key like in a server or client certificate.
------------------------------
Herman Robers
Original Message:
Sent: Dec 18, 2020 09:12 AM
From: Ken Sauter
Subject: Adding certificate to AirWave
I am trying to add a certificate to AirWave (v.8.2.11.2) to use encryption when authenticating with LDAP. My system admin gave me a .cer certificate and when I try to add the certificate, I get "Invalid Certificate file for 'CER' format." I tried adding with and without a passphrase and combinations of "Types" (Intermediate CA, Trusted CA, etc.)
The certificate is valid as well. Any help would be appreciated.
------------------------------
Ken S.
------------------------------
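The text-editor check for PEM versus DER discussed in this thread, and the question of whether a file is a .p7b bundle or carries a private key, can be done deterministically from the file's leading bytes. The following is an added example, not part of the original thread or any Aruba tooling; the names `classify`, `to_pem` and the sample constants are assumptions, and the DER checks are a heuristic on the outer ASN.1 structure only.

```python
import re
import ssl

PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
PKCS7_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # OID 1.2.840.113549.1.7.2

def der_content(data):
    """Skip the tag and length of the DER element at data[0]; return its content bytes."""
    if len(data) < 2:
        raise ValueError("too short to be DER")
    first = data[1]
    if first < 0x80:                      # short-form length
        return data[2:]
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(data) < 2 + n:
        raise ValueError("bad DER length")
    return data[2 + n:]

def classify(data):
    """Return (encoding, kind, may_hold_private_key) for the bytes of a certificate file."""
    labels = [m.decode() for m in PEM_LABEL.findall(data)]
    if labels:
        kind = "pkcs7" if "PKCS7" in labels else "certificate" if "CERTIFICATE" in labels else "other"
        return "PEM", kind, any("PRIVATE KEY" in label for label in labels)
    try:
        if data[:1] != b"\x30":           # every format handled here starts with a SEQUENCE
            raise ValueError("not a DER SEQUENCE")
        inner = der_content(data)
        if inner.startswith(PKCS7_SIGNED_DATA):
            return "DER", "pkcs7", False  # .p7b: certificates only, no key
        if inner[:1] == b"\x02":          # leading INTEGER version: PKCS#12 or a bare private key
            return "DER", "pkcs12-or-key", True
        if inner[:1] == b"\x30" and der_content(inner)[:1] == b"\xa0":
            return "DER", "certificate", False  # tbsCertificate with explicit [0] version (v2/v3)
        return "DER", "other", False
    except ValueError:
        return "unknown", "unknown", False

def to_pem(data):
    """Return PEM text for a single bare certificate; refuse bundles and anything with a key."""
    encoding, kind, has_key = classify(data)
    if kind != "certificate" or has_key:
        raise ValueError(f"not a bare certificate: {encoding}/{kind}")
    return data.decode("ascii") if encoding == "PEM" else ssl.DER_cert_to_PEM_cert(data)

# Constructed, truncated samples: only the leading bytes matter to classify().
SAMPLE_DER_CERT = bytes.fromhex("3082010a3081f4a003020102")
SAMPLE_DER_P7B = bytes.fromhex("3082020006092a864886f70d010702a08201f1")
SAMPLE_DER_P12 = bytes.fromhex("30820a00020103")
```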