Cloud Managed Networks

We're just getting started as new Aruba User Experience Insight (UXI) users.  We have an ssid that does EAP/TTLS authentication against cloud auth.  Users use the the Aruba onboarding app to configure their device to connect to this SSID.  It configures the device with a certificate that cloud auth issues, and that's the means by which the device authenticates.  I'm trying to figure out a way to configure UXI to test this network. 

I don't expect that it could download the onboarding app, issue itself a certificate and then use that to connect to this SSID.  However I see the ability to provide UXI a certificate to use with EAP/TTLS is part of its capabilities. 

It seems like I should be able to onboard a device and then export the certificate to have UXI use in a test.  I've tried a few different devices.  Some don't seem to have the ability to have the ability to export at all.  Others can export but can't export a .p12 or .pfx which are the only options that UXI offers.  The problem is apparently that the clients don't get the key which is part of what makes a .p12 or .pfx file.  It makes sense to me that the clients wouldn't have the key, and it doesn't make sense to me why UXI would need the key to test as a client when the actual users don't have it.

Does anyone know a solution for how to set up a test for a network like this in UXI?

A client device has to have the private key in order for TLS to even work, but the private key doesn't have to be marked as exportable.  The Cloud Auth onboarding flow is specifically designed to prevent what you are attempting.

The use case you describe isn't currently available.  Check with your HPE Aruba Networking account team for more information or feedback.