There are more widespread issues with P12/PFX created by modern versions op OpenSSL. For me using the -legacy in the OpenSSL command to create the p12/pfx worked. Have not tried specifically for ArubaOS, but can imagine it's the same.
As an alternative you could export your pfx to PEM and put key+cert+intermediates in a single pem file and import that.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Dec 12, 2022 12:10 PM
From: Koen V
Subject: A7005 Error Uploading (valid) Certificate
I guess I don't have much choice if I don't want to spend several more hours on this.
Creating the pfx as PBE-SHA1-3DES does not help. Trying to create it with legacy provider keeps throwing up errors. sigh, upgrade it is I guess.
Original Message:
Sent: Dec 12, 2022 10:55 AM
From: Unknown User
Subject: A7005 Error Uploading (valid) Certificate
Yes you are right! I skipped over the model number in your previous post and took "Controller is no longer under support" to mean that was an EOL device that could not be upgraded any further.
"real fix" is to buy support and upgrade ;)
Original Message:
Sent: Dec 12, 2022 10:30 AM
From: Koen V
Subject: A7005 Error Uploading (valid) Certificate
Uch, hate to admit it, but I should have known that since I had to do the same last year.. Oops!
That said.. replace the controller? You kidding? The 7005 controller is still for sale and fully supported. Nothing wrong with a 7005!
The 6.5 version? Well, you aren't wrong there. :) Upgrades to Central are being considered.
Anyway, again, thank you for the reminder!
Original Message:
Sent: Dec 12, 2022 09:33 AM
From: Unknown User
Subject: A7005 Error Uploading (valid) Certificate
The controller simply doesn't like the format of the certificate. This needs to a trial an error until you find one that works. That old of a controller on that old of a version of AOS may also have issues with SHA length. Try SHA1 (broken) or one of the lower SHA2 hashes when getting the certificate signed.
Of course, the real fix here is to replace the controller.
Original Message:
Sent: Dec 12, 2022 09:26 AM
From: Koen V
Subject: A7005 Error Uploading (valid) Certificate
Trying to update the SSL certificate on my Aruba7005 controller running 6.5.4.24 code.
I have a single SAN cert for both Clearpass and controller. Clearpass accepts my certificate without problem.
When trying to import the same pfx into the controller it always ends up with "Error Uploading Certificate: Incorrect password or error in certificate format.".
Using OpenSSL to extract the cert and priv key from the .pfx and recreating it using OpenSSL v1.1.1q or 3.0.5 does not get me anywhere either. Clearpass accepts it without problem, controller keeps throwing that error.
I have tried a pfx with CA bundle included, pfx without CA but CA bundle uploaded in advance, uploading cert with SCP and then trying to import through CLI. Nothing seems to work .
Controller is no longer under support, thus hoping for a clue about why the controller thinks the certificate is invalid.