Network Management

last person joined: 22 hours ago 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

Is it possible to export the private key or the cert-key pair ?

This thread has been viewed 31 times

  • 1.  Is it possible to export the private key or the cert-key pair ?

    Posted Oct 25, 2016 03:40 PM

    I need to request a new  certificate for an Aruba 3600 controller, but to approve the request my infosec department is asking me to send them the private key or cert-key pair (.p12 or .pfx file).  Is there a way to export this?  Thanks!



  • 2.  RE: Is it possible to export the private key or the cert-key pair ?
    Best Answer

    EMPLOYEE
    Posted Oct 25, 2016 03:43 PM
    Private keys cannot be exported from the controller. If you need this
    functionality, create the key and CSR on an external server.


  • 3.  RE: Is it possible to export the private key or the cert-key pair ?

    Posted Apr 13, 2017 12:06 AM
    Today I was able to get the private key from a controller backup and add it to the CA signed cert and upload it to all of my other controllers after I generated the csr on one of them. I am not sure this is a supported method however it worked for me. Thought I would share.


  • 4.  RE: Is it possible to export the private key or the cert-key pair ?

    Posted Jun 26, 2018 04:33 PM

    I was able to obtain the private key from a controller backup as well and then add it into a .PEM file with the existing certificate and re-import into the controller successfully.

     



  • 5.  RE: Is it possible to export the private key or the cert-key pair ?

    Posted Nov 15, 2018 08:58 AM

    Hi.... How do you obtain the private key from the controller?



  • 6.  RE: Is it possible to export the private key or the cert-key pair ?

    Posted Nov 15, 2018 09:18 AM

    Hi Nan_A,

     

    If you take a backup of the controller, un-zip the tar.gz backup file.  Navigate to the "Flash" / "CertMgr" / "ServerCert" folder.  In this folder, find the file whose name is the same as the friendly name you gave to the certificate when it was previously imported into the appliance.  Open the file in a text editor and copy the "Encrypted Private Key" section.  You can then take this value and paste it into a .pem file that contains all of your necessary certificates (root, intermediate, etc.) and re-upload the merged/combined file, containing all certs and the key, back to the controller.



  • 7.  RE: Is it possible to export the private key or the cert-key pair ?

    Posted Nov 15, 2018 11:20 AM

    Thank you "stevepo". I think I have similar issue with "thereisnotry". I generated the CSR from one of the controller.
    I got the private key from the controller backup under folder "flash\certmgr\CSR". But this the file is encrypted private key.
    I didn't put any passphrase when I create CSR.

    @ thereisnoentry: How did you add the key to the signed Cert? Did you decrypt it first and combine it in .pfx format?
    and what passphrase would it be?



  • 8.  RE: Is it possible to export the private key or the cert-key pair ?

    Posted Nov 15, 2018 11:26 AM

    Nan_A,

     

    If you can obtain your signed cert in .pem format, you should be able to open the .pem in a text editor (Notepad, etc.) and then paste the "Encrypted Private Key" text obtained from the backup into the .pem at the very top and then save it as a new .pem file.  You can then re-import that .pem into the controller.  There was no need to decrypt the key when used in the described fashion.