Automated WebUI Cert Deployment with Ansible

    Posted Mar 22, 2024 10:33 AM

    Hi Aruba Community,

    I'm working on automating PEM certificate deployment to our Aruba IAP-315 controllers securely with Ansible. We've hit a few roadblocks and are looking for advice.

    The commands I'm using today are the following:

    AP# crypto pki-import format pem cert-type ServerCert tftp://xx.xx.xx.xx/Certificat-Aruba-Controleur.pem certname Certificat-Aruba-Controleur.pem

    AP# conf t

    AP (config) # wlan cert-assignment-profile

    AP (cert assignment) # pki-cert-assign application ui cert-type ServerCert certname Certificat-Aruba-Controleur.pem

    AP (cert assignment) # end

    AP# commit apply

    Constraints:

    • Only HTTP, TFTP, and FTP are available for importing certificates, but we're looking to avoid these due to lack of encryption.
    • Controllers can't store files; they only import certificates from a remote location.

    Current Approach:

    • Considering a temporary FTP/TFTP file share, accessible only by the controllers, then deleting the certificate and shutting down the share post-deployment. However, we're concerned about the security implications.

    Questions:

    1. Any best practices for this scenario?
    2. Is Aruba planning to support more secure protocols for certificate deployment?
    3. Tips for using Ansible, especially for setting up a secure, temporary HTTPS file share?
    4. Would love to hear how others tackled similar challenges or any creative solutions.

    Appreciate any insights or advice you can share!

    Thanks!
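
Added example, not part of the original post and not Aruba or Ansible code: a sketch in Python of the "temporary share, accessible only by the controllers" idea described under Current Approach. The class `OneShotShare` and its parameters are hypothetical; it serves the PEM over plain HTTP from memory at an unguessable path, once per allow-listed controller IP, and expires after a TTL. It narrows who can fetch the file and for how long; it does not encrypt the transfer.

```python
import http.server
import ipaddress
import secrets
import threading

class OneShotShare:
    """Hypothetical helper: serve one PEM over HTTP, once per allow-listed IP."""

    def __init__(self, pem_bytes, allowed_ips, bind=("127.0.0.1", 0), ttl=60):
        self.pem = pem_bytes                      # held in memory, never staged on disk
        self.allowed = {ipaddress.ip_address(ip) for ip in allowed_ips}
        self.served = set()                       # controllers that already fetched
        self.path = "/" + secrets.token_urlsafe(16) + ".pem"  # unguessable URL path
        self.bind, self.ttl, self.log = bind, ttl, []

    def authorize(self, client_ip, url_path):
        ip = ipaddress.ip_address(client_ip)
        return ip in self.allowed and ip not in self.served and url_path == self.path

    def start(self):
        share = self
        class Handler(http.server.BaseHTTPRequestHandler):
            def do_GET(self):
                peer = self.client_address[0]
                if not share.authorize(peer, self.path):
                    self.send_error(403)          # wrong peer, wrong path, or repeat fetch
                    return
                share.served.add(ipaddress.ip_address(peer))
                self.send_response(200)
                self.send_header("Content-Length", str(len(share.pem)))
                self.end_headers()
                self.wfile.write(share.pem)

            def log_message(self, fmt, *args):    # keep an audit trail instead of stderr
                share.log.append((self.client_address[0], fmt % args))

        self.httpd = http.server.HTTPServer(self.bind, Handler)
        threading.Thread(target=self.httpd.serve_forever, daemon=True).start()
        self.timer = threading.Timer(self.ttl, self.close)  # hard expiry of the share
        self.timer.daemon = True
        self.timer.start()
        host, port = self.httpd.server_address[:2]
        return f"http://{host}:{port}{self.path}"

    def close(self):
        self.timer.cancel()
        self.httpd.shutdown()
        self.httpd.server_close()
        self.pem = b""                            # drop the in-memory copy
```

In a playbook run, `start()` would be called on the control node bound to the management-network address, the returned URL handed to the import command, and `close()` called as soon as the import task returns; `share.log` then shows which peers fetched or were refused.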