Hi Aruba Community,
I'm working on automating PEM certificate deployment to our Aruba IAP-315 controllers securely with Ansible. We've hit a few roadblocks and are looking for advice.
The commands I'm using today are the following:
AP# crypto pki-import format pem cert-type ServerCert tftp://xx.xx.xx.xx/Certificat-Aruba-Controleur.pem certname Certificat-Aruba-Controleur.pem
AP# conf t
AP (config) # wlan cert-assignment-profile
AP (cert assignment) # pki-cert-assign application ui cert-type ServerCert certname Certificat-Aruba-Controleur.pem
AP (cert assignment) # end
AP# commit apply
Constraints:
- Only HTTP, TFTP, and FTP are available for importing certificates, but we're looking to avoid these due to lack of encryption.
- Controllers can't store files; they only import certificates from a remote location.
Current Approach:
- Considering a temporary FTP/TFTP file share, accessible only by the controllers, then deleting the certificate and shutting down the share post-deployment. However, we're concerned about the security implications.
Questions:
- Any best practices for this scenario?
- Is Aruba planning to support more secure protocols for certificate deployment?
- Tips for using Ansible, especially for setting up a secure, temporary HTTPS file share?
- Would love to hear how others tackled similar challenges or any creative solutions.
Appreciate any insights or advice you can share!
Thanks!
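A sketch of the temporary share described under "Current Approach", added here as an example and not part of the original post: an HTTP listener that hands the PEM to each allow-listed controller IP exactly once, then shuts itself down (or after a timeout). The function names, file name, port and sample PEM are assumptions; it narrows who can fetch the file and for how long but does not encrypt the transfer.

```python
import http.server
import threading

def make_one_shot_server(pem, allowed_ips, name, bind=("127.0.0.1", 0)):
    """Serve `pem` at /<name> to each allow-listed source IP exactly once."""
    pending = set(allowed_ips)          # controllers that still need the file
    lock = threading.Lock()

    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            ip = self.client_address[0]
            with lock:
                ok = self.path == "/" + name and ip in pending
                if ok:
                    pending.discard(ip)  # a second fetch from this IP is refused
                done = not pending
            self.server.audit.append((ip, self.path, 200 if ok else 404))
            if not ok:
                self.send_error(404)     # same answer for wrong path or wrong IP
                return
            self.send_response(200)
            self.send_header("Content-Type", "application/x-pem-file")
            self.send_header("Content-Length", str(len(pem)))
            self.end_headers()
            self.wfile.write(pem)
            if done:                     # everyone served: stop listening
                threading.Thread(target=self.server.shutdown, daemon=True).start()

        def log_message(self, fmt, *args):
            pass                         # requests are recorded in server.audit

    server = http.server.HTTPServer(bind, Handler)
    server.audit = []
    return server

def run(server, ttl=300):
    """Serve until all controllers fetched the file or `ttl` seconds elapse."""
    timer = threading.Timer(ttl, server.shutdown)
    timer.daemon = True
    timer.start()
    try:
        server.serve_forever()
    finally:
        timer.cancel()
        server.server_close()            # release the port; the share is gone

if __name__ == "__main__":
    pem = b"-----BEGIN CERTIFICATE-----\n(constructed sample)\n-----END CERTIFICATE-----\n"
    srv = make_one_shot_server(pem, {"127.0.0.1"}, "controller.pem", ("127.0.0.1", 8080))
    run(srv, ttl=120)
```

The `server.audit` list gives the playbook a record of which source IPs fetched the file and which requests were refused, which can be checked before the certificate is deleted from the staging host.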