Network Management

 View Only

SSL certificate installation on AirWave 8.2.11+

This thread has been viewed 60 times
  • 1.  SSL certificate installation on AirWave 8.2.11+

    Posted Jun 16, 2021 04:44 PM

    Introduction

     

    This document contains technical elements (not exhaustive) to take into account when installing a server SSL certificate on AirWave 8.2.11

     

    The method used in the document is based on creating the .cer file and the .pfx file from OpenSSL and the Microsoft certificate authority installed on a Windows server 2019.

     

    Prerequisites used in the example below:

    • Aruba AirWave 8.2.12
    • Serveur PKI Microsoft server 2019
    • OpenSSL LibreSSL 2.8.3

    The AirWave hostname used for the certificate will be Airwavelab

    PREPARATION OF CERTIFICATE ELEMENTS

    Generation of .csr file and private key

    From the PC where OpenSSL is installed, create an AirWave_Cert target directory, from the terminal enter the following command:

     

    openssl req -utf8 -nodes -sha256 -newkey rsa:2048 -keyout airwavelab.key -out airwavelab.csr

     

    airwavelab.key ==> Private Key

    airwavelab.csr ==> Certificate Request File

     

     

    Generate .cer file

     

    Open the airwavelab.csr file with the cat command and copy / paste the lines between -----BEGIN CERTIFICATE REQUEST ----- et -----END CERTIFICATE REQUEST-----

     

    Open the page https: // example / certsvr in the browser of the PKI server and click on Request a certificate

     

    Choose Submit an advanced certificate request (to be adapted according to your PKI server)

     

    Click on Create and submit a request to this CA

    Paste the result of the cat command and choose WebServer Template et click on Submit

    Download the certificate in base 64 encoded format



     

     

    Creating the .pfx file

     

    Pfx file generation

    To create the .pfx file, you must concatenate the private key, the .cer file and the ROOT-CA.cer certificate via the following command

     

    Airwavelab_cert openssl pkcs12 -export -out airwavelab.pfx -inkey airwavelab.key -in airwavelab.cer -certfile culetto-CA.cer

     

     

    SSL CERTIFICATE INSTALLATION

    Transfer .pfx file to AirWave

     

    I am using a Linux bounce web server for the scp, it is possible to perform the operation directly from your PC.

     

     

     

     

    From the ssh connection on the AirWave, connect with the ampadmin account and follow the instructions on the screen

     

    The 1st step is to load the certificate in the AirWave ==>  Select 1 Files

     

    Select 1 to import the .pfx certificate using the scp command

      

    SCP Source (user@host:path): adminloc@10.224.110.20:cert_temp/airwavelab.pfx

     

     Select b to return to the home screen for further operations

     

    Import certificat SSL et installation

    Once the certificate is available in AirWave, the declaration is made in Select 3 Configuration

     

    Select 4 Certificate

     

    Select 1 Add SSL Certificate

     

    The previously loaded certificate appears in the list

     

    Enter the password defined when creating the .pfx file

     

    The certificate is now installed and the secure connection in https

     

    Deletion of expired certificate

     

    From the main menu, it is possible to clean up old expired certificates

     

    Select 1 Files ==> 3 Delete file

     

     

     French version is available here ==> Forum Français

     



    ------------------------------
    Nicolas Culetto
    SE Aruba France
    ------------------------------