Network Management

last person joined: 21 hours ago 

Keep an informative eye on your network with IMC and AirWave network management solutions.
Expand all | Collapse all

Airwave SSL certificate

Jump to Best Answer
  • 1.  Airwave SSL certificate

    Posted Feb 21, 2018 09:17 AM

    Hey everyone. Aruba newbie here.

     

    I have seen diffrent methods on how to install a signed certificate for the Aruba Airwave UI. But they all seem a bit much. 

     

    I have a certificate and want the green mark in the browser windows (-:, 

     

    Just upgraded to the latest version 8.2.6, and in CLI i see option 9 security--> and -->3  Add SSL Certificate, but the only option after this is "c" cancel.

     

    Anyone know the simplest method to achieve this ?

     

    Thanx



  • 2.  RE: Airwave SSL certificate

    Posted Feb 21, 2018 09:42 AM


  • 3.  RE: Airwave SSL certificate

    Posted Feb 21, 2018 10:12 AM

    If you're just installing a SSL cert, then you can use the above path.  In 8.2.6, we added a new path.

     

    Security
    1 Reset Web admin Password
    2 Change OS User Password
    3 Add SSL Certificate
    4 Add DTLS Certificates
    5 Enable FIPS (requires reboot)
    6 Show EngineID
    7 Module Key
    8 Apply STIGs
    9 Set MaxAuthTries value for sshd
    10 Make OCSP Optional
    11 Generate Certificate Signing Request
    12 Install Signed Certificate

     

     

    Using option 11 under the security menu, you can generate a CSR, then submit that CSR to the signing authority.  When you get the resulting cert, you'll upload it using the upload option off the main menu.  Then install the cert using option 12 under the security menu - NOTE: The file must be in PEM format with the filename extension ".crt"



  • 4.  RE: Airwave SSL certificate

    Posted Jul 18, 2018 11:06 AM

    Is it possible to specify a SAN when generating the CSR in the new CLI?

     

    Regards,

    JoeB



  • 5.  RE: Airwave SSL certificate

    Posted Aug 28, 2018 12:22 PM

    Do you upload a single PEM file with the cert and intermediate/roots too?

     

    TIA.



  • 6.  RE: Airwave SSL certificate

    Posted Aug 28, 2018 12:44 PM

    @joebunk

    We don't currently support generating SAN Cert through this CSR process.  That'd be a feature request currently.

     

    @su_A_ve

    If you're doing the CSR route, you don't have an option to make changes to the resulting PEM file.  But if you're going the SSL route, then the pkcs12 file you upload should have the cert and intermediates combined.



  • 7.  RE: Airwave SSL certificate

    Posted Oct 18, 2018 04:18 PM

    How can I install a wildcard cert for our domain in so that Airwave will use it for the web interface?  I've got the cert into the system but I haven't yet found where to enable it.  (I may not have the cert in correctly, so if there's a specific way to get it working, please describe!)

    Thanks.

    PH



  • 8.  RE: Airwave SSL certificate

    Posted Oct 18, 2018 04:23 PM

    Is the wildcard cert generated based on a CSR?  Or is it an SSL wildcard cert?

     

    If it's SSL -> then Security -> Add SSL, it'd replace any pre-existing SSL, so if you're trying to add it, you'd have to combine your pre-existing SSL to the wildcard before adding.

     

    If it's CSR, then you use the Security -> Install CSR cert option.



  • 9.  RE: Airwave SSL certificate

    Posted Nov 20, 2018 01:19 PM

    This is a wildcard cert.  I've been able to upload the files to the box.  Although I can not use '1 Upload File' when I give the SCP server user and file/path, it just gives a generic failed error code. I had to set up to push with sftp using 8 Advanced, 7 Add File Tranfer User.

     

    Anyway, 9 Security - 3 SSL Certificate lists the certificate file, but no matter how I have formatted the file so far, I keep getting an error.

     

    The file must be in PKCS12 format with ".pfx" or ".p12" filename extension and should contain both the private RSA key and the certificate.)
      1  test.pfx           6,233 bytes  2018-11-20 11:53:07
      c  >> Cancel
    Your choice: 1
    Enter PKCS12 password:
    Error: PKCS12 bundle must contain RSA key.

     

     

    What might I be doing wrong here?



  • 10.  RE: Airwave SSL certificate

    Posted Nov 20, 2018 01:52 PM

    Another quick note.  I was able to use the certificate for Security 4 - Add DTLS Certificates and it went through, although that prompt doesn't say anything about the RSA key anyway, just the private key, root certs and intermediate.

     



  • 11.  RE: Airwave SSL certificate

    Posted Nov 21, 2018 10:08 AM

    The error statement says that the cert bundle is missing the RSA key.

     

    DTLS certs aren't the same as regular SSL certs.  SSL certs are for communication to the AMP UI through httpd and nginx.  While DTLS certs is for secure AMON that uses a different communication route created specifically for that feature.



  • 12.  RE: Airwave SSL certificate

    Posted Nov 26, 2018 01:00 PM

    Hey Rob,

     

    That's the question - why doesn't the system see the RSA key?  I have used several methods to create the bundle I include the key with them each time.  Is there a specific procedure to getting the bundle put together for a wildcard cert that I could use to get this working?

    I've imported the same cert w key in the GUI under Device Setup - Certificates without an error, but I can't seem to tell it to use that cert for the HTTPS traffic.

     

    Note that I can also attempt to import the cert without the key on the GUI and I get the Certificate file is missing private key error as expected.  The one with the key imports and shows up properly here, but gives the RSA error on the CLI.  Is it time for a support ticket?



  • 13.  RE: Airwave SSL certificate

    Posted Nov 26, 2018 01:10 PM

    Validations are different between UI and CLI.  Probably best to open a TAC case at this point.



  • 14.  RE: Airwave SSL certificate
    Best Answer

    Posted Nov 28, 2018 10:33 AM

    FYI - my issue was resolved.  There was a bug:

     

    bug #DE32144 in 8.2.7.1 version, patch file was released.

     

    TAC applied the patch and recompiled the software, and the certificate is now active.  

     

    Thanks for the help.



  • 15.  RE: Airwave SSL certificate

    Posted Feb 06, 2019 08:53 AM

    what if you use a 3rd party cert management tool to handle the CSR and you need to install both the cert and private key? I download both in the PEM file but you mention the file to install needs to just be the identity cert 9.crt). Can I also get the private key and root chain installed in some way using option 11? 



  • 16.  RE: Airwave SSL certificate

    Posted Feb 06, 2019 09:28 AM

    That'd be a feature request to handle that scenario.  We do have our own CSR route built, but not one that takes an external CSR private key.

     

    If you need to go that route, support can assist to put the pieces into place, but a feature request should still be submitted.



  • 17.  RE: Airwave SSL certificate

    Posted Sep 23, 2020 05:06 AM

    Hi ,

     

    I have Airwave version 8.2.11.2 and I have wildcard certs. which I uploaded via GUI and it's in pfx format. All went well. but still, my UI is showing an unsecured warning. I have seen all thread. followed all steps. 

    Even went into AMP setup and added certificate to authenticate and converted my pfx to PEM and copy ,pasted the certificate. no luck .

     

    what am I missing? why Arba manual or UI is so confusing.  CLI is another level of complexity.