Requirement:
The Aruba controller must be running AOS 6.1.x or above.
Solution:
The steps below install a custom certificate on an Aruba controller from the command-line interface (CLI).
Step 1:
Copy the certificate from the local system to the flash of the controller.
Step 2:
Import the certificate that was copied to flash.
Step 3:
Install the certificate.
Configuration:
Step 1:
Syntax:
(Aruba) #copy tftp: <ip address> <Source File Name> flash: <Destination Filename>
Example:
(Aruba) #copy tftp: 10.1.1.22 ManiServerCert.pem flash: ManiServerCert.pem
Step 2:
Syntax:
(Aruba) #crypto pki-import <Cert format> <certificate type> <Name of the Cert> <Filename of the cert imported>
Certificate Format:
der     Import certificate in DER format
pem     Import certificate in x509 PEM format
pfx     Import certificate in PKCS12 aka PFX format
pkcs12  Import certificate in PKCS12 format.
pkcs7   Import certificate in PKCS7 format.
Certificate Type:
CRL                Import a Certificate Revocation List
IntermediateCA     Import a intermediate CA certificate
OCSPResponderCert  Import a OCSP Responder certificate
OCSPSignerCert     Import a OCSP Signer certificate
PublicCert         Import a public certificate
ServerCert         Import a server certificate
TrustedCA          Import a trusted CA certificate
Example:
(Aruba) #crypto pki-import pem serverCert RadiusServerCert ManiServerCert.pem
Step 3:
Syntax:
(Aruba) #crypto-local pki <Cert Type> <Name of the Cert> <Filename of the cert imported>
Certificate Type:
CRL                      Configure a Certificate Revocation List
IntermediateCA           Configure an intermediate CA certificate
OCSPResponderCert        Configure a OCSP Responder certificate
OCSPSignerCert           Configure a OCSP Signer certificate
PublicCert               Configure a public certificate
ServerCert               Configure a server certificate
TrustedCA                Configure a trusted CA certificate
global-ocsp-signer-cert  Configure the global OCSP signer cert to sign OCSP responses
rcp                      Configure revocation check point
service-ocsp-responder   Enable/Disable OCSP Responder service
Example:
(Aruba) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(Aruba7030) (config) #crypto-local pki serverCert RadiusServerCert ManiServerCert.pem
Verification:
(Aruba) #show crypto-local pki <Cert Type>
Cert Type:
CRL                     Show Certificate Revocation List
IntermediateCA          Show an intermediate CA certificate
OCSPResponderCert       Show a OCSP Responder certificate
OCSPSignerCert          Show a OCSP Signer certificate
PublicCert              Show a public certificate
ServerCert              Show a server certificate
TrustedCA               Show a trusted CA certificate
crl-stats               Show CRL requests stats
ocsp-client-stats       Show OCSP client stats
rcp                     Show revocation check point
service-ocsp-responder  Show OCSP Responder service status
Example:
(Aruba) #show crypto-local pki serverCert
Certificates
------------
Name              Original Filename   Reference Count  Expired
--------------    -----------------   ---------------  -------
RadiusServerCert  ManiServerCert.pem  0                No
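
The verification step above, automated as an added example (not part of the original article and not Aruba tooling): a Python parser for the "show crypto-local pki" listing that flags expired or unreferenced certificates. The second sample row, the column layout aligned to the dashed ruler, and the reading of Reference Count 0 as "no configuration references this certificate" are assumptions.

```python
import re

# Constructed sample of the "show crypto-local pki ServerCert" listing.
# The first row is the article's example; the second row is invented.
# Assumption: every column starts where its dashed ruler group starts.
SAMPLE = """\
Certificates
------------
Name              Original Filename   Reference Count  Expired
--------------    -----------------   ---------------  -------
RadiusServerCert  ManiServerCert.pem  0                No
OldPortalCert     portal-2019.pem     2                Yes
"""

def parse_cert_table(text):
    """Return one dict per certificate row, sliced at the ruler offsets."""
    lines = text.splitlines()
    # The column ruler is the dashed line with more than one dash group;
    # the single-group ruler under the "Certificates" title is skipped.
    idx = next(i for i, line in enumerate(lines)
               if re.fullmatch(r"-+(\s+-+)+\s*", line))
    starts = [m.start() for m in re.finditer(r"-+", lines[idx])]
    # Each column runs from its ruler start to the next ruler start.
    bounds = list(zip(starts, starts[1:] + [None]))
    header = [lines[idx - 1][a:b].strip() for a, b in bounds]
    rows = []
    for line in lines[idx + 1:]:
        if not line.strip():
            break  # a blank line ends the table
        rows.append(dict(zip(header, (line[a:b].strip() for a, b in bounds))))
    return rows

def review(rows):
    """Flag certificates that are expired or that nothing references."""
    findings = []
    for row in rows:
        if row["Expired"].lower() != "no":
            findings.append((row["Name"], "expired"))
        if row["Reference Count"] == "0":
            findings.append((row["Name"], "installed but not referenced"))
    return findings

if __name__ == "__main__":
    for name, issue in review(parse_cert_table(SAMPLE)):
        print(f"{name}: {issue}")
```

A freshly installed certificate is expected to show a reference count of 0 until a profile is configured to use it, so that finding is a reminder rather than an error.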