Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

Aruba Instant - CSR and Private Key

This thread has been viewed 39 times
  • 1.  Aruba Instant - CSR and Private Key

    Posted Sep 25, 2023 11:34 AM

    I have a customer that uses Aruba Instant managed by Airwave and using Clearpass.  We are building a Clearpass Guest Self Registration portal and we have gotten to the point where we need to get certificates sorted out.  The certificates on Clearpass are handled but we have hit a hurdle on the certificate for the wireless (Instant) side.  

    We are aware we need to generate a CSR outside of the instant platform however, all of the solutions we have found to generate the CSR will generate a CSR and a Private Key file just fine but we don't know what the passphrase is so we can't upload the certificate to Airwave for use on the Instant clusters.  

    Is there something I am missing here or am I thinking about this all wrong?  Customer had a certificate issued based on a CSR that they generated with no Private Key file so we are going to need to re-key that cert but we are in a holding pattern until we can get this private key issue figured out.  Any suggestions?  Its amazing I haven't run into this before...but I expect to run into it more in the future.



    ------------------------------
    Jeremy R. Wirtz
    ------------------------------


  • 2.  RE: Aruba Instant - CSR and Private Key

    MVP
    Posted Sep 25, 2023 11:51 AM

    Have you checked this thread: How do I generate a CSR from an Virtual Controller?



    ------------------------------
    Shpat | ACEP | ACMP | ACCP | ACDP |
    -Just an Aruba enthusiast and contributor by cases-
    ------------------------------



  • 3.  RE: Aruba Instant - CSR and Private Key

    Posted Sep 25, 2023 11:57 AM

    Yes, and that was the source of my sentence saying we were aware that the CSR needs to be generated outside of the Instant platform came from.  Our problem isn't in generating a CSR, its generating a CSR and a private key file where we know what the private key is so that we can upload it.



    ------------------------------
    Jeremy R. Wirtz
    ------------------------------



  • 4.  RE: Aruba Instant - CSR and Private Key

    MVP
    Posted Sep 25, 2023 12:05 PM

    Just to get it right because i think i am missing something here:

    1. You are generating a CSR for FQDN of captive portal. 
    2. Then you are submitting this CSR to CA (public or private?)

    3.  The CA is giving you a .crt file and a .key file (if i am understanding correctly?) 

    4. If yes, you can modify both files with Wordpad or Notepad++ and then when you combine them both.

    5. Upload them as CER (just enter any password).



    ------------------------------
    Shpat | ACEP | ACMP | ACCP | ACDP |
    -Just an Aruba enthusiast and contributor by cases-
    ------------------------------



  • 5.  RE: Aruba Instant - CSR and Private Key
    Best Answer

    EMPLOYEE
    Posted Sep 25, 2023 12:11 PM

    I would highly recommend using a separate program for creating the private key and CSR, openssl being the default to go to.

    Example process: https://itigloo.com/security/generate-an-openssl-certificate-request-with-sha-256-signature/

    Sometimes when you generate the private key, the key itself isn't stored in a secured manner so there isn't any password to deal with.  Problem with that is that any interface that doesn't make the key password optional is going to have issues. You can get around that challenge by either applying a password or repackaging the key and certificate into a PKCS#12 (PFX) format.

    https://lindevs.com/add-password-to-private-key-using-openssl

    https://langui.sh/2009/01/24/generating-a-pkcs12-pfx-via-openssl/

    https://www.sslshopper.com/article-most-common-openssl-commands.html

    https://spin.atomicobject.com/2014/05/12/openssl-commands/



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 6.  RE: Aruba Instant - CSR and Private Key

    Posted Sep 25, 2023 02:43 PM

    Thank you.  I was avoiding using openssl but this actually solved all of our problems.



    ------------------------------
    Jeremy R. Wirtz
    ------------------------------