Try the command: "crypto pki enroll-self-signed certificate-name selfsignedcert"
certificate-name is a keyword in the command, not to be replaced by de name of the certificate which comes after that keyword.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Dec 02, 2024 04:48 PM
From: caNerdIan
Subject: SSL Certificate Issue
I've tried the crypto pki create-csr <cert name> but it doesn't accept anything as a valid certificate name. Running 16.10 on a 2930F.
Aruba-2930F-8G-PoEP-2SFPP(config)# web-management ssl
https cannot be enabled with no certificate present. To install a certificate,
use one of the following commands:
* 'crypto pki enroll-self-signed...'
* 'crypto pki create-csr ...'
Aruba-2930F-8G-PoEP-2SFPP(config)# crypto pki enroll-self-signed
certificate-name Name of the local certificate.
Aruba-2930F-8G-PoEP-2SFPP(config)# crypto pki enroll-self-signed selfsignedcert
Invalid input: selfsignedcert
Aruba-2930F-8G-PoEP-2SFPP(config)# crypto pki create-csr selfsignedcert
Invalid input: selfsignedcert
The 16.10 documentation makes mention of needing to generate using crypto key generate cert but that doesn't work:
Aruba-2930F-8G-PoEP-2SFPP(config)# crypto key generate cert
Invalid input: cert
The only valid options presented are autorun-key and ssh.
The documentation has me going around in circles with these commands. There is nowhere in the web UI to generate a certificate. I simply cannot figure out create a self-signed cert on this device based on the provided documentation that doesn't match what the CLI is giving me.
Is it just because it's a small 8-port unit and lacks the horsepower to do anything useful, and SSL isn't actually supported? What is missing here?
Original Message:
Sent: Aug 24, 2021 05:45 AM
From: Herman Robers
Subject: SSL Certificate Issue
As far as I know, you will need to create the CSR on the switch, but with a slightly different command.
Check the ArubaOS Security Guide for 2930F, starting at page 738 to see the steps.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Aug 20, 2021 09:19 AM
From: Tyler Long
Subject: SSL Certificate Issue
The command I had tried to use to generate a CSR was:
crypto pki csr {rsa key_len <key_val> |{ec curve-name <key_val>} common_name <common_val> country <country_val> state_or_province <state> city <city_val> organization <organization_val> unit <unit_val> email <email_val>
But this didn't seem to work and in the GUI the CSR option is greyed out.
My second thought was to just get my internal CA to generate a certificate which I was able to do but I am scratching my head actually trying to get the certificate into the switch for use.
Original Message:
Sent: Aug 18, 2021 03:18 PM
From: Alexis La Goutte
Subject: SSL Certificate Issue
What command do you are using ?
------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...
PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)
PowerArubaCL: Powershell Module to use Aruba Central
PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..
ACEP / ACMX #107 / ACDX #1281
Original Message:
Sent: Aug 12, 2021 10:17 AM
From: Tyler Long
Subject: SSL Certificate Issue
Hello everyone,
I am having some trouble getting a certificate onto our 2930f switch. We would like to add one in order to make use of an TLS connection when accessing the GUI via the switch's IP address.
We do not have ClearPass, I am looking for a way to manually upload these certificates. I have tried to generate a CSR but the commands I have found thus far online don't seem to be working and the generate CSR option in the GUI is greyed out.
I have also tried to generate a certificate from our local CA but I cannot quite figure out how to upload this into the switch for use.
Any advice would be greatly appreciated.
Thanks!