Introduction
This document contains technical elements (not exhaustive) to take into account when installing a server SSL certificate on AirWave 8.2.11
The method used in the document is based on creating the .cer file and the .pfx file from OpenSSL and the Microsoft certificate authority installed on a Windows server 2019.
Prerequisites used in the example below:
- Aruba AirWave 8.2.12
- Serveur PKI Microsoft server 2019
- OpenSSL LibreSSL 2.8.3
The AirWave hostname used for the certificate will be Airwavelab
PREPARATION OF CERTIFICATE ELEMENTS
Generation of .csr file and private key
From the PC where OpenSSL is installed, create an AirWave_Cert target directory, from the terminal enter the following command:
openssl req -utf8 -nodes -sha256 -newkey rsa:2048 -keyout airwavelab.key -out airwavelab.csr
|
airwavelab.key ==> Private Key
airwavelab.csr ==> Certificate Request File
Generate .cer file
Open the airwavelab.csr file with the cat command and copy / paste the lines between -----BEGIN CERTIFICATE REQUEST ----- et -----END CERTIFICATE REQUEST-----
Open the page https: // example / certsvr in the browser of the PKI server and click on Request a certificate
Choose Submit an advanced certificate request (to be adapted according to your PKI server)
Click on Create and submit a request to this CA
Paste the result of the cat command and choose WebServer Template et click on Submit
Download the certificate in base 64 encoded format
Creating the .pfx file
Pfx file generation
To create the .pfx file, you must concatenate the private key, the .cer file and the ROOT-CA.cer certificate via the following command
Airwavelab_cert openssl pkcs12 -export -out airwavelab.pfx -inkey airwavelab.key -in airwavelab.cer -certfile culetto-CA.cer
|
SSL CERTIFICATE INSTALLATION
Transfer .pfx file to AirWave
I am using a Linux bounce web server for the scp, it is possible to perform the operation directly from your PC.
From the ssh connection on the AirWave, connect with the ampadmin account and follow the instructions on the screen
The 1st step is to load the certificate in the AirWave ==> Select 1 Files
Select 1 to import the .pfx certificate using the scp command
Select b to return to the home screen for further operations
Import certificat SSL et installation
Once the certificate is available in AirWave, the declaration is made in Select 3 Configuration
Select 4 Certificate
Select 1 Add SSL Certificate
The previously loaded certificate appears in the list
Enter the password defined when creating the .pfx file
The certificate is now installed and the secure connection in https
Deletion of expired certificate
From the main menu, it is possible to clean up old expired certificates
Select 1 Files ==> 3 Delete file
French version is available here ==> Forum Français
------------------------------
Nicolas Culetto
SE Aruba France
------------------------------