Q:
Why do we see a connection-timed-out status or an SSL certificate error when an Instant AP does not come up in Aruba Central?
A: A few Instant APs do not come up in Aruba Central.
When we execute the command show ap debug cloud-server on an affected AP, the Aruba Central status is shown as connection-timed-out.
(Instant AP)#show ap debug cloud-server
IAP mgmt mode :athena-mgmt
cloud config recved :FALSE
autojoin mode :disable
Device Cert status :SUCCESS
Aruba Central server :app1.central.arubanetworks.com
Aruba Central Protocol :HTTPS
Aruba Central status :connection-timed-out
In the output of show log ap-debug, we can see the message "The SSL certificate error", as shown below, and the Instant AP does not show up in Aruba Central.
Oct 26 11:59:26 awc[1659]: Message over SSL from app1.central.arubanetworks.com, SSL_read() returned 369, errstr=Success, Message is "HTTP/1.1 400 Bad Request^M Server: nginx^M Date: Wed, 26 Oct 2016 09:59:28 GMT^M Content-Type: text/html^M Content-Length: 224^M Connection: close^M ^M <html>^M <head><title>400 The SSL certificate error</title></head>^M <body bgcolor="white">^M <center><h1>400 Bad Request</h1></center>^M <center>The SSL certificate error</center>^M <hr><center>nginx</center>^M </body>^M </
If we configure the Aruba Central server as app2.central.arubanetworks.com using the command below, the AP successfully establishes SSL with the Aruba Central server.
(Instant AP)#debug-cloud-server app2.central.arubanetworks.com
After an IAP reboot, the AP loses the cloud server configured above, contacts Activate, receives app1.central.arubanetworks.com again, and SSL fails again.
The permanent solution is to contact Aruba TAC and request that they change the Aruba Central server to app2.central.arubanetworks.com for the affected Instant AP.
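To check collected output from several APs for this symptom, the two signs described above can be matched together. The following is an added example, not Aruba code: the function names and the result fields are hypothetical, and the sample input is constructed from the output shown in this article.

```python
import re

# Constructed sample input, modelled on the output shown in the article.
SHOW_OUTPUT = """\
IAP mgmt mode :athena-mgmt
cloud config recved :FALSE
autojoin mode :disable
Device Cert status :SUCCESS
Aruba Central server :app1.central.arubanetworks.com
Aruba Central Protocol :HTTPS
Aruba Central status :connection-timed-out
"""
LOG_LINES = [
    'Oct 26 11:59:26 awc[1659]: Message over SSL from app1.central.arubanetworks.com, '
    'SSL_read() returned 369, errstr=Success, Message is "HTTP/1.1 400 Bad Request^M '
    'Server: nginx^M <head><title>400 The SSL certificate error</title></head>^M',
]

# awc log line: the host that answered and the HTTP status code it returned.
AWC_RE = re.compile(r'awc\[\d+\]: Message over SSL from (?P<host>\S+?),.*?'
                    r'Message is "HTTP/\d\.\d (?P<code>\d{3}) ')

def parse_cloud_server(text):
    """Turn 'key :value' lines from show ap debug cloud-server into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" :")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def diagnose(show_text, log_lines):
    """Report whether the status and the log both match the article's symptom."""
    f = parse_cloud_server(show_text)
    server = f.get("Aruba Central server")
    # Only count a 400 "SSL certificate error" sent by the configured server.
    rejected = any(
        (m := AWC_RE.search(line)) and m.group("host") == server
        and m.group("code") == "400" and "The SSL certificate error" in line
        for line in log_lines)
    return {
        "server": server,
        "status": f.get("Aruba Central status"),
        "device_cert_ok": f.get("Device Cert status") == "SUCCESS",
        "ssl_cert_rejected": rejected,
        "matches_article": rejected and f.get("Aruba Central status") == "connection-timed-out",
    }

if __name__ == "__main__":
    print(diagnose(SHOW_OUTPUT, LOG_LINES))
```

A result with device_cert_ok true and ssl_cert_rejected true is the combination shown in this article: the AP reports its device certificate status as SUCCESS, yet the server named in the status output answers with the 400 error.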