Host keys as in the shared secret for the connection between MD and MCR? Yes, that may have been of influence, as the connection was unavailable at the time of pushing the certificate. But, as the situation is not a common one, it may just not have been tested under all possible circumstances.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jul 31, 2024 08:33 AM
From: cauliflower
Subject: Certificate behaviour
Hi Herman,
We didn't remember to go through and update the new host keys via mdconnect until after we dealt with the certificate (new cert now installed and seems to be working). Could the host keys issue have affected the original certificate propagation do you think?
Guy
Original Message:
Sent: 7/31/2024 8:02:00 AM
From: Herman Robers
Subject: RE: Certificate behaviour
Agree that this shouldn't happen. However certificates are handled a but different than other configuration in AOS8, so it may work to upload the same (or different) certificate again on the cluster level in the hierarchy under a different name, then assign as server/cp cert. The real solution would be to work with TAC, this may be something quite rare and not come up that often.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Jul 31, 2024 04:28 AM
From: cauliflower
Subject: Certificate behaviour
Hello,
AOS 8.10.0.13 (main cluster = 10 x 9240, backup cluster 4 x 7240XM)
I just want to check the expected behaviour of an AOS cluster. We have a wildcard certificate for all of our controllers, it was imported at cluster level a few weeks ago which worked fine. It is configured as the server cert and captive portal cert. It wasn't necessary to import it to each box. We have (since yesterday) replaced our main 7240XM cluster with 10 x 9240s (like for like - same IP details etc). This all went to plan apart from it looks like the certificate settings/certificate has not downloaded to each new box (although strangely it appears it did download to one of them). We are currently replacing the certificate with a new one to fix things, but is this the expected behaviour? It seems like we shouldn't have to do this.
Guy