Controllerless Networks

Hi,

 

We have recently purchased a wildcard SSL to replace the generic inbuilt one that has expired.

 

When trying to upload the certificate file, and this happens no matter what options I choose, I receive the attached error. The text is:

 

cert_upload_split_certificate_file_failed.txt

 

I am using the filename.cer that was sent to me by Comodo and I have also tried exporting the certificate but this results in a .PFX file which apparently is not a supported file type.

 

This is my first time around and managing these devices and whilst I have read a number of posts about how to upload a certificate, I continue to receive the above error.

 

Thanks,

 

Jarrod

Please try the procedure here:  http://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-Create-a-Certificate-for-Instant-Captive-Portal-using/ta-p/277025

 

Skip past the openssl down to the part that begins with "To put it into the proper format"

Hi Colin,

 

That allowed me to progress past the error.

 

Now that I have created the .PEM file, it is 'hanging' at "Uploading instant-server-cert.pem..." I've waited a few minutes, as suggested in the article and refreshed the browser but do not see the certificates and can confirm that I still receive the expired certificate error  when connecting.

 

Just for clarification, the .PEM file that I am creating has the following:

* Contents of the .CER file that Comodo sent to me

* Contents of the CA bundle downloaded from Namecheap as they create the bundles for the various certificates that they sell

* Privatekey.key - I'm assuming that this is the CSR? If not, where would I find this since the original CSR was created via IIS as opposed to OpenSSL?

 

According to Namecheap, where we purchased the certificate, it states: If you have your certificate in the PKCS#7 format (appropriate mostly for IIS/Microsoft Exchange), you already have your bundle included into your certificate and do not need to install it separately.

Although I can show that this does not work.

 

Thanks,

Jarrod

 

If you generated your CSR in IIS, you'll need to export the PFX file with a
secure password and then use something like openssl to spit out the private
key by itself.

Thanks Tim.

 

That allowed me to install the certificate but then dropped all access to my AP's. No WiFi access, not physical connection that I could get to work.

 

It appears that the AP's now redirect me to https://comodo as opposed to connecting to them for anything.

 

I've pulled them all down and am currently working out how to reconfigure one to be the main AP and allow AD authentication.

 

Going to be a long night.

After a rebuild we found out that wildcard certificates are not supported on firmware under 6.5 and there is no 6.5 build for the IAP-135 that we are using.

Can you provide the full release version you're running?

Hi Tim,

 

These are the details:

Name:	Aruba Operating System Software
Type:	135
Build Time:	2016-05-06 00:33:22 PDT
Version:	6.4.2.6-4.1.3.0_54915

I have since purchased and installed a standard SSL.

 

Thanks,

Jarrod

Just to confirm, you were trying to use wildcard with an Instant 6.5.x-4.3.x build?

HI Tim,

 

No, I was trying to use a wildcard on the version pasted above as there does not appear to be a 6.5.x version for our IAP 135.

 

When I working with support to understand what caused it, he logged in to download the new version that he advised was the minimum to allow wildcard certificates and the 135 was not listed. I was then told that it was most likely end of life.

 

Thanks,

Jarrod