Aruba Apps

last person joined: yesterday 

Aruba Apps board is designed for questions, comments, and feature requests for all of Aruba Networks' mobile Apps.
Expand all | Collapse all

Radsec CA chained certificate

This thread has been viewed 6 times
  • 1.  Radsec CA chained certificate

    Posted Sep 10, 2021 02:28 PM

    Hi,

    I have radsec enabled and working with a self signed ca certificate. 
    I've swapped this for a certificate chain file, which has an intermediate and root ca certificate.

    This doesn't work and the AP is unable to validate the server certificate with this ca.

    I created one pem file by concatenating the two ca certificates together.

    cat ca.root.pem >> ca.pem
    cat ca.intermediate.pem >> ca.pem

    The resulting PEM file had the following:

    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----

    radsec ca upload
    This uploads fine and I can see it in the UI:
    radsec ca cert
    Is this the right way to upload certificate chains?

    Version8.6.0.13


    ------------------------------
    Emile Swarts
    ------------------------------


  • 2.  RE: Radsec CA chained certificate

    Posted Sep 13, 2021 07:17 AM
    Just installing the root should be enough for the CA certificate. The intermediates in the chain are sent by the RadSec server (or should be sent by the RadSec server).

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------