Community Feedback

 View Only
last person joined: yesterday 

How is the community doing? Do you have any questions or feedback related for the Airheads Community team? This is the place to let us know.

Automated WebUI Cert Deployment with Ansible

This thread has been viewed 2 times
  • 1.  Automated WebUI Cert Deployment with Ansible

    Posted Mar 22, 2024 10:33 AM

    Hi Aruba Community,

    I'm working on automating PEM certificate deployment to our Aruba IAP-315 controllers securely with Ansible. We've hit a few roadblocks and are looking for advice.

    The commands I'm using today are the following :

    AP# crypto pki-import format pem cert-type ServerCert tftp://xx.xx.xx.xx/Certificat-Aruba-Controleur.pem certname Certificat-Aruba-Controleur.pem

    AP# conf t

    AP (config) # wlan cert-assignment-profile

    AP (cert assignment) # pki-cert-assign application ui cert-type ServerCert certname Certificat-Aruba-Controleur.pem

    #APend

    AP# commit apply

    Constraints:

    • Only HTTP, TFTP, and FTP are available for importing certificates, but we're looking to avoid these due to lack of encryption.
    • Controllers can't store files; they only import certificates from a remote location.

    Current Approach:

    • Considering a temporary FTP/TFTP file share, accessible only by the controllers, then deleting the certificate and shutting down the share post-deployment. However, we're concerned about the security implications.

    Questions:

    1. Any best practices for this scenario?
    2. Is Aruba planning to support more secure protocols for certificate deployment?
    3. Tips for using Ansible, especially for setting up a secure, temporary HTTPS file share?
    4. Would love to hear how others tackled similar challenges or any creative solutions.

    Appreciate any insights or advice you can share!

    Thanks!