Network Management

Reply
Moderator

Re: Airwave SSL certificate

The error statement says that the cert bundle is missing the RSA key.

 

DTLS certs aren't the same as regular SSL certs.  SSL certs are for communication to the AMP UI through httpd and nginx.  While DTLS certs is for secure AMON that uses a different communication route created specifically for that feature.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Occasional Contributor I

Re: Airwave SSL certificate

Hey Rob,

 

That's the question - why doesn't the system see the RSA key?  I have used several methods to create the bundle I include the key with them each time.  Is there a specific procedure to getting the bundle put together for a wildcard cert that I could use to get this working?

I've imported the same cert w key in the GUI under Device Setup - Certificates without an error, but I can't seem to tell it to use that cert for the HTTPS traffic.

 

Note that I can also attempt to import the cert without the key on the GUI and I get the Certificate file is missing private key error as expected.  The one with the key imports and shows up properly here, but gives the RSA error on the CLI.  Is it time for a support ticket?

Moderator

Re: Airwave SSL certificate

Validations are different between UI and CLI.  Probably best to open a TAC case at this point.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Occasional Contributor I

Re: Airwave SSL certificate

FYI - my issue was resolved.  There was a bug:

 

bug #DE32144 in 8.2.7.1 version, patch file was released.

 

TAC applied the patch and recompiled the software, and the certificate is now active.  

 

Thanks for the help.

Occasional Contributor II

Re: Airwave SSL certificate

what if you use a 3rd party cert management tool to handle the CSR and you need to install both the cert and private key? I download both in the PEM file but you mention the file to install needs to just be the identity cert 9.crt). Can I also get the private key and root chain installed in some way using option 11? 

Moderator

Re: Airwave SSL certificate

That'd be a feature request to handle that scenario.  We do have our own CSR route built, but not one that takes an external CSR private key.

 

If you need to go that route, support can assist to put the pieces into place, but a feature request should still be submitted.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: