How to install Server certificate on CPPM

Aruba Employee
Aruba Employee

This Article talks about installing Server certificate on CPPM.

We can install various types of Server certificates on CPPM.

i: Self signed Server Certificate.
ii: Certificate signed by a signing authority like AD.
iii: Certificate signed by Trusted Signing Authority.


Environment : This Article is written for CPPM 6.2.


Below are the detailed steps.

Step 1:

Creating a self signed Server certificate for CPPM.

Navigate to "Administration » Certificates » Server Certificate" and click on " Create Self- Signed Certificate".



Fill in the form as per the details of the company and hit "submit".


rtaImage (1).png


Click "Install" to install the certificate.

After completing the install step, please re-login using the Host name and navigate to the "Administration » Certificates » Server Certificate" and verify the details.


rtaImage (2).png



Step 2:

Installing a Certificate signed by AD or a trusted Root CA authority.

Navigate to "Administration » Certificates » Server Certificate" and click on " Create Certificate signing request" and fill in the details below. Make sure that we make a note of the Private key password.


rtaImage (3).png

After hitting "Submit", please download the CSR and Private key file. We can also copy paste the CSR to a notepad and save it.


rtaImage (4).png


Go to the webpage for your Active Directory Certificate Services. By default, the webpage to access this is http://<IP
ADDRESS OR HOSTNAME>/certsrv/. Click on “Request a certificate”.


rtaImage (5).png

Request an “advanced certificate request”.


rtaImage (6).png

Select the second option from the list below to get the CSR signed.


rtaImage (7).png

Copy/paste the CSR request generated on CPPM into the Saved Request box. Choose the Certificate Template as “Web server”.


rtaImage (8).png


Download only the certificate chain in Base 64 encoded format. The chain will be in PKCS format and will have the server certificate and the root CA. We will need to extract each certificate from the chain in order to upload them to Amigopod.


rtaImage (9).png


Open the certificate in the native Windows certificate manager. Expand the folders to view the contents of the certificate chain. There should be at least two certificates. One is the certificate and the other is the Root CA.


rtaImage (10).png


Export the server certificate using the certificate export Wizard.
In the Wizard, select Base-64 encoded X.509 (.CER) as the export format.
Browse for a folder destination and give the certificate a file name. The extension should be .cer.


rtaImage (11).png


Repeat the steps with the Root CA certificate.

We need a single file to upload as a SSL certificate. So right click on the Server cert and open it in a editor utility like notepad++ and concatenate the contents in the below order.

1: Server Certificate
2: Intermediate Certificate ( if you have any)
3: Root certificate

Save the concatenated file as name.pem.

You are now ready to import these certificates into CPPM. navigate to the "Administration » Certificates » Server Certificate" .


rtaImage (12).png

Certificate File : Concatenated file in .PEM format.
Private Key File : The certPrivkey.pkey file
Private key password:  password enterned while creating a the CSR.

After Import please re-login using the Host name and navigate to the "Administration » Certificates » Server Certificate" and verify the details.

Version history
Revision #:
1 of 1
Last update:
‎07-17-2014 08:49 AM
Updated by:
Labels (1)

Will doing this allow me to authenticate users via their personal certificate that was issued by the same issuing CA for CPPM?  In other words I want to authenticate users with a certificate instead of MSCHAPV2.  This certificate is already installed on all machines in our domain and each user has a personal certificate as well.  This certificate is issued by our CA (active directory PKI).  I want to know if it is possible to have CPPM authenticate against this same certificate and if the process described above is the correct one.  "Certificate signed by a signing authority like AD."

As long as the CA that signed the client certificates is installed in the trust list, you can use it.
Search Airheads
Showing results for 
Search instead for 
Did you mean: