Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Uploading new certificate and getting error from 1 Aruba Hardware controller

This thread has been viewed 8 times
  • 1.  Uploading new certificate and getting error from 1 Aruba Hardware controller

    Posted Sep 22, 2022 01:14 PM

    Hello,

    We use a Mobility Master (2 of them for High Availability) and we have 2 x Hardware Local Controllers in a managed network group below the Mobility Master.

    I need to update an SSL certificate on each local hardware controller because that we are using for guest access and captive portal.

    The New certificate name is: wlan03.strattec.com22
    The previously used certificate name is: wlan03.strattec.com20

    When I SSH to the local controller and execute this command>show web-server profile

    I see the following results:

    Switch Certificate              wlan03.strattec.com20
    Captive Portal Certificate wlan03a.strattec.com22

    When I attempt to change the 'Switch Certificate' information from the SSH, I get the following error:

    (SSC01NVL016125) *[20:4c:03:57:6f:c2] (config) #web-server profile
    (SSC01NVL016125) *[20:4c:03:57:6f:c2] (Web Server Configuration) #switch-cert wlan03.strattec.com22
    Error: server certificate "wlan03.strattec.com20" not found in path /md/SSC03/20:4c:03:57:6f:c2

    The Aruba is saying that it cannot see the older certificate and as a result it cannot change it to be the new certificate.  Perhaps there is another way to change the Switch Certificate settings on this local controller.





    ------------------------------
    Stavros K
    ------------------------------


  • 2.  RE: Uploading new certificate and getting error from 1 Aruba Hardware controller

    EMPLOYEE
    Posted Sep 22, 2022 03:56 PM
    Use the GUI and go to Configuration>System> Admin> Server Certificate and see what the dropdown says...  If you are high enough, this will change it for all controllers and you shouldn't have to worry about doing it for each individual controller.  You should upload the new cert above all of your controllers for this to be able to happen.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------



  • 3.  RE: Uploading new certificate and getting error from 1 Aruba Hardware controller

    Posted Sep 29, 2022 02:58 PM
    Actually, what I ended up doing was...

    1). I logged on to the MM's command line (ssh).
    2). I cd --> to the switch that was having problems.
    3).  Turned on configuration mode.
    4).  Executed the command> no web-server profile<enter>
    5).  Execute the command >write memory.


    I then exited out of config mode and then entered mdconnect mode.  Then I was able to execute >show web-server profile<enter>

    To see the  switch certificate and captive portal certificate information.  It was shown as 'default'.

    6).  I then exited out of mdconnect mode
    7).  I then re-configred the certificate teh way that I wanted and it saved.

    ------------------------------
    Stavros K
    ------------------------------