Aruba Central - Configuration using Templates

MVP Expert
MVP Expert
Requirement:

How to map a certificate to Instant AP using template configuration?



Solution:

This article applies to all Instant APs which are provisioned and managed by Aruba Central.



Configuration:

Below are the steps to map/upload a certificate to an Instant cluster which is managed by Aruba Central and provisioned to a Template Group.

1. Navigate to Global Settings -> Certificates and upload the certificate you want to map to specific Template Group.

2. Once the certificate is uploaded, make a note of the cert name and the checksum value from the same location. Here the name is "webcert" and checksum value corresponds to that cert.

3. Move to the corresponding template group and you can configure any of the below option in the template

server-cert-checksum <cert-name/checksum value>
ca-cert-checksum <cert-name/checksum value>
cp-cert-checksum <cert-name/checksum value>
radsec-cert-checksum <cert-name/checksum value>
radsec-ca-checksum <cert-name/checksum value>

All the above commands can be used to map any type of certificate to Instant AP.

 

 

 

 



Verification

Once the certificate is uploaded to the template configuration, get into the AP console to verify if the certificate is being pushed to Instant cluster or not.

Aruba# show cert all                                                                                                                   
                                                                                                                                       
Current Server Certificate:                                                                                                            
Version       :3                                                                                                                       
Serial Number :5D:BA:62:7D:74:47:67:83                                                                                                 
Issuer        :/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate
 Authority - G2                                                                                                                        
Subject       :/OU=Domain Control Validated/CN=clearpass.la.gov                                                                        
Issued On     :Aug 23 17:41:00 2017 GMT                                                                                                
Expires On    :Aug 23 17:41:00 2020 GMT                                                                                                
Signed Using  :SHA256-RSA                                                                                                              
RSA Key size  :2048 bits                                                                                                               
                                                                                                                                       
Version       :3                                                                                                                       
Serial Number :                                                                                                                        
Issuer        :/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2                           
Subject       :/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2                           
Issued On     :Sep  1 00:00:00 2009 GMT                                                                                                
Expires On    :Dec 31 23:59:59 2037 GMT                                                                                                
Signed Using  :SHA256-RSA                                                                                                              
RSA Key size  :2048 bits                                                                                                               
                                                                                                                                       
Version       :3                                                                                                                       
Serial Number :07                                                                                                                      
Issuer        :/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2                           
Subject       :/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate
 Authority - G2                                                                                                                        
Issued On     :May  3 07:00:00 2011 GMT                                                                                                
Expires On    :May  3 07:00:00 2031 GMT                                                                                                
Signed Using  :SHA256-RSA                                                                                                              
RSA Key size  :2048 bits                                                                                                               
                                                                                                                                       
Default CP Server Certificate:                                                                                                         
Version       :3                                                                                                                       
Serial Number :01:DA:52                                                                                                                
Issuer        :/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA                                                     
Subject       :/serialNumber=lLUge2fRPkWcJe7boLSVdsKOFK8wv3MF/C=US/O=securelogin.arubanetworks.com/OU=GT28470348/OU=See www.geotrust.co
m/resources/cps (c)11/OU=Domain Control Validated - QuickSSL(R) Premium/CN=securelogin.arubanetworks.com                               
Issued On     :May 11 01:22:10 2011 GMT                                                                                                
Expires On    :Aug 11 04:40:59 2017 GMT                                                                                                
Signed Using  :SHA1-RSA                                                                                                                
RSA Key size  :2048 bits                                                                                                               
                                                                                                                                       
Version       :3                                                                                                                       
Serial Number :02:36:D2                                                                                                                
Issuer        :/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA                                                                             
Subject       :/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA                                                     
Issued On     :Feb 26 21:32:31 2010 GMT                                                                                                
Expires On    :Feb 25 21:32:31 2020 GMT                                                                                                
Signed Using  :SHA1-RSA                                                                                                                
RSA Key size  :2048 bits                                                                                                               
                                                                                                                                       
Version       :3                                                                                                                       
Serial Number :02:34:56                                                                                                                
Issuer        :/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA                                                                             
Subject       :/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA                                                                             
Issued On     :May 21 04:00:00 2002 GMT                                                                                                
Expires On    :May 21 04:00:00 2022 GMT                                                                                                
Signed Using  :SHA1-RSA                                                                                                                
RSA Key size  :2048 bits                                                                                                               
                                                                                                                                       
Device Certificate:                                                                                                                    
Version       :3                                                                                                                       
Serial Number :25:F1:A9:EB:00:00:00:5D:72:5B                                                                                           
Issuer        :/UID=com/UID=arubanetworks/UID=ca/CN=DEVICE-CA1                                                                         
Subject       :/CN=AX0532939::9c:1c:12:c5:b8:2c                                                                                        
Issued On     :Nov 12 18:52:05 2013 GMT                                                                                                
Expires On    :Sep 14 03:21:14 2032 GMT                                                                                                
Signed Using  :SHA1-RSA                                                                                                                
RSA Key size  :2048 bits  

From this output you can see the "Current server certificate" has been changed after we uploaded it to the template configuration whereas the "default CP server certificate" and "device certificate" remains to be default.

 

Version history
Revision #:
2 of 2
Last update:
‎03-18-2019 10:09 PM
Updated by:
 
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: