Controllerless Networks

Reply
New Contributor

Error uploading certificate to IAP

I'm getting an error when trying to upload a pem file created using the directions in this article - https://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-Create-a-Certificate-for-Instant-Captive-Portal-using/ta-p/277025.

 

The error I get when I attempt to upload is "cert_upload_error_in_rsa_key_validation_-_-14_txt".  I have tried the process outlined in the article above multiple time thinking I must be doing something wrong.  I've scoured the internet for this error message and get no results.  Does anyone know what my problem might be?

 

Thanks in advance!

 

Nathan

MVP Guru

Re: Error uploading certificate to IAP

Do you have your key encrypted like in the referred document? Could it be that the passphrase is incorrect? Or that the key and the certificate don't match up?

 

If there is someone you trust to share the file with that you try to upload, it's probably a logical reason. With just the error, it is hard to solve.

 

Your Aruba partner, or Aruba support should be able to help you to assist with this.

 

 

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
New Contributor

Re: Error uploading certificate to IAP

Thanks for your response.  I've tried the private key both encrypted and unencrypted.   I tested the cert and private key to make sure they match using openssl and they do match.

 

There are a number of articles that outline how to do this and they all seem to contradict themselves in one way or another.  If I had to guess, I think my problem is the formatting of the file I'm trying to upload.  I've tried to put the certificates in the pem file in different orders to no avail.  Can you tell me the proper order to place the certs (Public, Intermediate, Root, Private Key?) and does if have to have the .pem extension or can it be .crt?  I've tried .pfx format and that didn't work. 

 

I just read that I only need the public cert and private key also but haven't tried that.  Do you know if this is true? 

 

Thanks again for any help!

MVP Guru

Re: Error uploading certificate to IAP

What I do is:

 

-----BEGIN PRIVATE KEY-----
Private key here; I assume it can be a the end as well, I prefer to stick it here. It can be encrypted or unencrypted, if encrypted the passphrase should match
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Server certificate here, issued by intermediate 1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate 1 certificate here, issued by the root CA
-----END CERTIFICATE-----

You should not need to include the root CA, it should not really hurt or prevent the certificate from loading. What possibly does prevent the certificate from loading can be any additional text in between the ---END-- and ---BEGIN--- lines. When you export with openssl, it can put additional certificate information in text. Remove all that additional stuff.

 

If you have additional intermediates, put them in order from the server cert (intermediate that issued the server cert first after the sever cert) to the root (intermediate issued by the CA root as last).

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor I

Re: Error uploading certificate to IAP

Hello nboothe, 

i m running in the same issue, did you solve that problem ? 

 

regards,

thanks

 

New Contributor

Re: Error uploading certificate to IAP

I have not.  Did you get your certificate from GoDaddy?  I'm not sure what the problem is.  I inherited this wireless network so I'm beginning to think there is something else wrong that is causing this.  I've tried everything I can think of.  If you figure it out I'd appreciate knowing what you did.  I'll do the same if I figure it out.

Highlighted
MVP Guru

Re: Error uploading certificate to IAP

The issue appeared to be a formatting issue in the import file. Some generic recommendations if you get import errors:

 

- line-ends in the import file should be either DOS (CR+LF) or UNIX (LF). If you create the file on a UNIX system or MAC, or in Notepad on Windows, that should be good. With Notepad++ on Windows, you can select the line-ends.

- When you receive certificates, sometimes there is a header that describes the certificate. Make sure that your import file has only the certificates itself as I showed above:

-----BEGIN RSA PRIVATE KEY-----
MII.......
<Private key here; I assume it can be a the end as well, I prefer to stick it here. It can be encrypted or unencrypted, if encrypted the passphrase should match>
............BJD1DnCs2W -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIIEfTCCA2WgAwIBAgIDG+cVMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYTAlVT
<Server certificate here, issued by intermediate 1> qm5vjLyb4lddJIGvl5echK1srDdMZvNhkREg5L4wn3qkKQmw4TRfZHcYQFHfjDCm
rw==
-----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp
<Intermediate 1 certificate here, issued by the root CA>
GIo/ikGQI31bS/6kA1ibRrLDYGCD+H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeKM+2x
LXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB -----END CERTIFICATE-----

Remove everything that is in front of the BEGIN or after the END lines of the initial file so you only keep like the example above with END and BEGIN lines head-to-head without anything in between.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: