Controllerless Networks

last person joined: 10 hours ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

Error when uploading new cert

  • 1.  Error when uploading new cert

    Posted Dec 01, 2016 07:50 PM
      |   view attached

    Hi there:

     

    It took me a little bit, but I finally ran into the cert revokation issue. Here's where I'm at...

     

    I cretaed my RSA key, and purchased a cert from Comodo. Blah, blah, received my public cert. I imported into trusted and intermediate. I then exported the public cert, the private key, and the intermediate cert. Then I copied those to my Mac, opened terminal, and ran the three cat commands (per this thread: https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/ta-p/275814) without error to combine them into a pem cert. But when I try to upload to my T105 (6.4.2.6-x; won't go any higher), i get the error:

     

    cert_upload_split_certificate_file_failed_head (see attached screen).

     

    I suppose it could be a corrupted cert I received, but I got no errors on my CA when importing. Can anyone help me out here?

     

    Thanks



  • 2.  RE: Error when uploading new cert

    Posted Dec 02, 2016 04:42 PM
    I had the same issue with 205 AP when I tried to import our server pem file. CA worked first time.
    I resolved it by exporting a pfx certificate from our IIS server and then importing the pfx choosing the pcks option on the drop down menu.
    Keep in mind that there is a custom build firmware that bypass the revoked certificate without the need of a public one, give that a try before importing your certificate. If you import and assign your certificate then the workaround doesn't work anymore. Custom build firmware is 6.4.4.4-4.2.3.3_56794.
    Also have a look at
    https://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/How-can-i-upload-a-new-portal-certificate-in-Aruba-Central/td-p/277886


  • 3.  RE: Error when uploading new cert

    Posted Dec 02, 2016 05:24 PM

    Thanks, Bourasp:

     

    Just about 30 minutes ago, I was able to successfully configure and upload a good pem file. UNFORTUNATELY...

     

    Now, while I can ping my APs, I have no access to the GUI

    (This site can’t be reached. The connection was reset.)  But users seem to have connectivity, so, that's good.

     

    Argh!

     

    Well, I'm off for the weekend. I'll pick this up on Monday. Y'all have a good one.



  • 4.  RE: Error when uploading new cert

    Posted Dec 03, 2016 04:33 AM
    Hi,
    I think it's the certificate usage settings, If nothing else works check the thing with the new group etc. And then choose the certificate usage for captive only.


  • 5.  RE: Error when uploading new cert

    Posted Dec 07, 2016 05:50 PM

    Man, I'm dead. Not sure how to upload a cert for captive if I can't log in. Plus, I need to get my hands on a 14 ft. ladder to get to them.

     

    Argh!!



  • 6.  RE: Error when uploading new cert

    Posted Dec 07, 2016 09:27 PM

    @shmengie wrote:

    Man, I'm dead. Not sure how to upload a cert for captive if I can't log in. Plus, I need to get my hands on a 14 ft. ladder to get to them.

     

    Argh!!


    Maybe not.  What browser are you using?



  • 7.  RE: Error when uploading new cert

    Posted Dec 08, 2016 03:35 AM

    Hi,

    Can you try using SSH to get to them?



  • 8.  RE: Error when uploading new cert

    Posted Dec 08, 2016 01:03 PM

    Good idea. But, no...cannot Putty in, either.



  • 9.  RE: Error when uploading new cert

    Posted Dec 08, 2016 01:01 PM

    Colin:

     

    Yeah, I thought of that. I've tried Chrome, IE, Safari and Firefox. Just cannot get in. It wants to let me in; I've added the exception to Firefox, but then I get "Secure connection Failed." I've changed the cert in Safari to "Always Trust", and the page comes up blank.

     

    At the end of the day, the users are not affected, I just can't manage my APs. So, not critical. YET. And, I can bounce them by power cycling the POE injectors in the server room, if I have to.

     

    Thanks for the idea, though.



  • 10.  RE: Error when uploading new cert

    Posted Jul 21, 2017 04:51 PM

    Any update on this?  I’m having a similar issue after uploading my CP certificate.  SSH works but the management web UI won’t load.



  • 11.  RE: Error when uploading new cert

    Posted Jul 21, 2017 09:35 PM

    That typically happens when your certificate is invalid.

     

    What version of Instant is this?



  • 12.  RE: Error when uploading new cert

    Posted Jul 22, 2017 12:45 AM

    @cjoseph wrote:

    That typically happens when your certificate is invalid.

     

    What version of Instant is this?


    While that might be the case in some way, I have other systems that use the same certificate/chain without incident.  Even then I would expect it to break the CP, not the management UI.

     

    How do I resolve?  I’m running ArubaOS (MODEL: 215), Version 6.4.4.8-4.2.4.7.

     



  • 13.  RE: Error when uploading new cert

    Posted Jul 22, 2017 05:14 AM

    All devices do not use SSL certificates in the exact same way.  Some devices need them in a specific format.  Try to run the certificate through the Certificate Decoder here:  https://www.sslshopper.com/certificate-decoder.html

     

    In instant the SSL certificate is used in the management UI, as well, so yes it will break it if it is not correct, because there is no specific checking...



  • 14.  RE: Error when uploading new cert

    Posted Jul 24, 2017 02:01 AM

    What a huge pain—after numerous trial and error attempts that required a reload of the VC every time, removing the password from the private key finally resolved the issue.  The decoder at SSLShopper had no issue with the certificate and neither did OpenSSL on my system prior to removing the password.  So much for requesting a Passphrase in the UI!



  • 15.  RE: Error when uploading new cert

    Posted Jul 21, 2017 09:58 PM

    Funny, I just got this working last week. Now that HP bought Aruba, you can actually get support. After I bought the cert from Comodo, I called them to help configure. They were fully aware of the cert being hacked and built the new cert chain for me. Turns out, they built it in the wrong order! When I call HP, they ran the certs through sslshopper.com and saw that the chain was incorrect. They rebuilt it for me, and stayed on the remote session while I uploaded to make sure it worked. It does! I am back to 100%.

    I'd call HP.



  • 16.  RE: Error when uploading new cert

    Posted Jul 21, 2017 10:02 PM

    Calling "HP" (HPE btw), takes you to the same Aruba engineers as pre-HP(E)  😀



  • 17.  RE: Error when uploading new cert

    Posted Jul 21, 2017 10:20 PM

    HPE, yes...I sit corrected.


    So, whenI first got my my 105's, I called Aruba for a little config help. I did get helped, but was told at the time that they did not provide end-user support. Maybe just a bad tech giving wrong info. I since have assumed I was on my own.