How do I generate, install, and manage a certificate for the controller?
Product and Software: This article applies to all Aruba controllers and ArubaOS 3.x.
To generate, install, and manage a certificate for the controller, follow these steps:
1) Generate the CSR on the controller.
Fill all the fields for the CSR information. Ensure that you do not use abbreviations for State/Province. Some Certificate Authorities (such as, VeriSign) do not accept abbreviations of this field. Click Generate New.
2) Click View Current to view the CSR.
3) Copy the text from "-----BEGIN CERTIFICATE REQUEST-----" to "-----END CERTIFICATE REQUEST-----" (including these two lines as well).
This text will be send to your preferred certificate authority (CA). You can also saved it using any text editor and send it to your CA as an attachment.
4) The following are the preferred cetificate options:
- Server-type: Apache
- Purpose: Web Server
- Type: PEM
5) After you submit the CSR to the CA, the CA will provide the signed copy of the certificate, and you can now upload the signed certificate to the controller using the Web management interface.
6) You can use the new certificate loaded for captive portal authentication, WebUI Management Authentication, or 802.1x termination. The following screens illustrate the options available on the management user interface.
Certificates could be signed by an intermediate CA, which may not be trusted by the stations. In this case, you will need to chain the certificate before uploading it to the controller. Obtain the intermediate CA certificate from your CA in PEM format or else you must convert the certificate using a tool like openSSL.
To chain the certificate, append the intermediate CA certificate into the signed server certificate provided by your CA using any text editor, save the file, and follow step 5 to upload the chained certificate to the controller.