Wireless Access

Hello,

AOS 8.10.0.13 (main cluster = 10 x 9240, backup cluster 4 x 7240XM)

I just want to check the expected behaviour of an AOS cluster. We have a wildcard certificate for all of our controllers, it was imported at cluster level a few weeks ago which worked fine. It is configured as the server cert and captive portal cert. It wasn't necessary to import it to each box. We have (since yesterday) replaced our main 7240XM cluster with 10 x 9240s (like for like - same IP details etc). This all went to plan apart from it looks like the certificate settings/certificate has not downloaded to each new box (although strangely it appears it did download to one of them). We are currently replacing the certificate with a new one to fix things, but is this the expected behaviour? It seems like we shouldn't have to do this.

Guy

Agree that this shouldn't happen. However certificates are handled a but different than other configuration in AOS8, so it may work to upload the same (or different) certificate again on the cluster level in the hierarchy under a different name, then assign as server/cp cert. The real solution would be to work with TAC, this may be something quite rare and not come up that often.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Jul 31, 2024 04:28 AM
From: cauliflower
Subject: Certificate behaviour

Hello,

AOS 8.10.0.13 (main cluster = 10 x 9240, backup cluster 4 x 7240XM)

I just want to check the expected behaviour of an AOS cluster. We have a wildcard certificate for all of our controllers, it was imported at cluster level a few weeks ago which worked fine. It is configured as the server cert and captive portal cert. It wasn't necessary to import it to each box. We have (since yesterday) replaced our main 7240XM cluster with 10 x 9240s (like for like - same IP details etc). This all went to plan apart from it looks like the certificate settings/certificate has not downloaded to each new box (although strangely it appears it did download to one of them). We are currently replacing the certificate with a new one to fix things, but is this the expected behaviour? It seems like we shouldn't have to do this.

Guy

Original Message:
Sent: 7/31/2024 8:02:00 AM
From: Herman Robers
Subject: RE: Certificate behaviour

Agree that this shouldn't happen. However certificates are handled a but different than other configuration in AOS8, so it may work to upload the same (or different) certificate again on the cluster level in the hierarchy under a different name, then assign as server/cp cert. The real solution would be to work with TAC, this may be something quite rare and not come up that often.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Jul 31, 2024 04:28 AM
From: cauliflower
Subject: Certificate behaviour

Hello,

AOS 8.10.0.13 (main cluster = 10 x 9240, backup cluster 4 x 7240XM)

I just want to check the expected behaviour of an AOS cluster. We have a wildcard certificate for all of our controllers, it was imported at cluster level a few weeks ago which worked fine. It is configured as the server cert and captive portal cert. It wasn't necessary to import it to each box. We have (since yesterday) replaced our main 7240XM cluster with 10 x 9240s (like for like - same IP details etc). This all went to plan apart from it looks like the certificate settings/certificate has not downloaded to each new box (although strangely it appears it did download to one of them). We are currently replacing the certificate with a new one to fix things, but is this the expected behaviour? It seems like we shouldn't have to do this.

Guy