Controllerless Networks

Reply
Highlighted
Occasional Contributor I

Instant OS - Generating SSL Cert Private Keys Using macOS 10.13/10.14

This is a note/FYI for anyone attempting to generate encrypted private keys and CSR for use with Aruba Instant OS 6.5, using macOS 10.13 or 10.14 (High Sierra, Mojave). I spent the last few days struggling with this issue and figured I would share my experience and workaround, for anyone else who gets stumped here. These notes are in reference to this article, which is otherwise correct and helpful:

 

https://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-Create-a-Certificate-for-Instant-Captive-Portal-using/ta-p/277025

 

The version of OpenSSL which ships with macOS 10.13/10.14 (LibreSSL 2.6.5) generates encrypted private keys, which as far as I can tell, are not compatible with Aruba Instant OS 6.5. Uploading a PEM certificate bundle to the Instant Controller GUI containing an encrypted private key generated using OpenSSL on these macOS versions will result in the error "cert_upload_error_in_rsa_key_validation".

 

After many days of struggling with this error, I decided to try generating keys using the older macOS 10.12 Sierra, which ships with a different OpenSSL version/library (OpenSSL 0.9.8). These keys and subsequent certificate imported successfully to the Aruba Instant Controller GUI without error.

The difference between the two encrypted private key formats is visible. Keys generated with older versions of OpenSSL start with:

 

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,XXXXXXXXXXXXXXXX

While keys generated using OpenSSL in macOS 10.13/10.14 do not contain the first two header lines for Proc-Type and DEK-Info but instead start with:

 

-----BEGIN ENCRYPTED PRIVATE KEY-----

Directly followed by the key.

MVP Guru

Re: Instant OS - Generating SSL Cert Private Keys Using macOS 10.13/10.14

Did you report this to Aruba TAC?

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor I

Re: Instant OS - Generating SSL Cert Private Keys Using macOS 10.13/10.14

It has been reported to HP Enterprise/Aruba support. Case number is: 5336105177.

 

Thanks,

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: