Network Management

Reply
Highlighted
Contributor II

Airwave SSL certificate

Hey everyone. Aruba newbie here.

 

I have seen diffrent methods on how to install a signed certificate for the Aruba Airwave UI. But they all seem a bit much. 

 

I have a certificate and want the green mark in the browser windows (-:, 

 

Just upgraded to the latest version 8.2.6, and in CLI i see option 9 security--> and -->3  Add SSL Certificate, but the only option after this is "c" cancel.

 

Anyone know the simplest method to achieve this ?

 

Thanx

Regards
Jon
MVP Guru

Re: Airwave SSL certificate

Hi,

Follow below artilce to install certificate in 8.2.4 and above version.

 

http://community.arubanetworks.com/t5/Monitoring-Management-Location/How-to-install-a-SSL-certifcate-in-AMP-8-2-4/ta-p/311148

 

 

Regards,
Pavan
If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Moderator

Re: Airwave SSL certificate

If you're just installing a SSL cert, then you can use the above path.  In 8.2.6, we added a new path.

 

Security
1 Reset Web admin Password
2 Change OS User Password
3 Add SSL Certificate
4 Add DTLS Certificates
5 Enable FIPS (requires reboot)
6 Show EngineID
7 Module Key
8 Apply STIGs
9 Set MaxAuthTries value for sshd
10 Make OCSP Optional
11 Generate Certificate Signing Request
12 Install Signed Certificate

 

 

Using option 11 under the security menu, you can generate a CSR, then submit that CSR to the signing authority.  When you get the resulting cert, you'll upload it using the upload option off the main menu.  Then install the cert using option 12 under the security menu - NOTE: The file must be in PEM format with the filename extension ".crt"


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
New Contributor

Re: Airwave SSL certificate

Is it possible to specify a SAN when generating the CSR in the new CLI?

 

Regards,

JoeB

Contributor II

Re: Airwave SSL certificate

Do you upload a single PEM file with the cert and intermediate/roots too?

 

TIA.

°(((=((===°°°(((================================================
Moderator

Re: Airwave SSL certificate

@joebunk

We don't currently support generating SAN Cert through this CSR process.  That'd be a feature request currently.

 

@su_A_ve

If you're doing the CSR route, you don't have an option to make changes to the resulting PEM file.  But if you're going the SSL route, then the pkcs12 file you upload should have the cert and intermediates combined.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Occasional Contributor I

Re: Airwave SSL certificate

How can I install a wildcard cert for our domain in so that Airwave will use it for the web interface?  I've got the cert into the system but I haven't yet found where to enable it.  (I may not have the cert in correctly, so if there's a specific way to get it working, please describe!)

Thanks.

PH

Moderator

Re: Airwave SSL certificate

Is the wildcard cert generated based on a CSR?  Or is it an SSL wildcard cert?

 

If it's SSL -> then Security -> Add SSL, it'd replace any pre-existing SSL, so if you're trying to add it, you'd have to combine your pre-existing SSL to the wildcard before adding.

 

If it's CSR, then you use the Security -> Install CSR cert option.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Occasional Contributor I

Re: Airwave SSL certificate

This is a wildcard cert.  I've been able to upload the files to the box.  Although I can not use '1 Upload File' when I give the SCP server user and file/path, it just gives a generic failed error code. I had to set up to push with sftp using 8 Advanced, 7 Add File Tranfer User.

 

Anyway, 9 Security - 3 SSL Certificate lists the certificate file, but no matter how I have formatted the file so far, I keep getting an error.

 

The file must be in PKCS12 format with ".pfx" or ".p12" filename extension and should contain both the private RSA key and the certificate.)
  1  test.pfx           6,233 bytes  2018-11-20 11:53:07
  c  >> Cancel
Your choice: 1
Enter PKCS12 password:
Error: PKCS12 bundle must contain RSA key.

 

 

What might I be doing wrong here?

Occasional Contributor I

Re: Airwave SSL certificate

Another quick note.  I was able to use the certificate for Security 4 - Add DTLS Certificates and it went through, although that prompt doesn't say anything about the RSA key anyway, just the private key, root certs and intermediate.

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: