Network Management

last person joined: yesterday 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

[How-to] Using Airwave GUI with a enterprise CA signed certificate

This thread has been viewed 14 times

  • 1.  [How-to] Using Airwave GUI with a enterprise CA signed certificate

    Posted May 13, 2016 03:48 PM

    Hi community,

     

    I was looking for a way to solve this and wanted to let you participate in my solution.

     

    Scenario: We're running our AD based enterprise certificate authority and I'm looking to have most HTTPS webinterfaces running with a certificate from our CA. Our browsers have the root CA certificate deployed and so will trust all subordinate certificates. Out of the box Airwave runs with a self-signed certificate (I really hate saving exceptions for self-signed certificates in Firefox :-) ). Actually we're running Airwave 8.2.0.1 but I'm confident that this applies to other versions too. The important steps are common OpenSSL operations. You should already have some knowledge about certificates and so on.

     

    Step 1: Understanding the webserver. Airwave is using a reverse proxy server called pound which listens to port 443. Looking into the config at /etc/pound.cfg shows that there is a certificate in use located under /etc/httpd/conf/ssl.pem

    Step 2: Grabbing the private key. The pre-deployed private key is located at /etc/pki/tls/private/localhost.key but is also included in the second half of certificate file /etc/httpd/conf/ssl.pem. You need this key for creating the certificate signing request (CSR)

    Step 3: Creating the CSR. /usr/bin/openssl req -out airwave.yourdomain.com.csr -new -key /etc/pki/tls/private/localhost.key With this command you're going to create a CSR using the available private key. The following dialogue requires different information, most important the CN which is the FQDN of your Airwave server.

    Step 4: Signing the certificate. You can now use the CSR to be signed at your private (respectively your enterprise CA) or public CA.

    Step 5: Installing the certificate. You will need the certificate in PEM format (BASE64 encoded). For backup reasons please copy the existing certificate with something like this cp /etc/httpd/conf/ssl.pem /etc/httpd/conf/backup.pem. Now start editing the ssl.pem file. vi /etc/httpd/conf/ssl.pem The first part is the certificate, you can identify it with these start and end markers:

    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----

    Replace the content within the markers with the equivalent from your new certificate.

     

    Step 6: Restart pound. You're almost done. /etc/init.d/pound restart

     

    Now you can access the Airwave webinterface and the certificate is issued by your enterprise CA.

     

    Cheers

    cruzr



  • 2.  RE: [How-to] Using Airwave GUI with a enterprise CA signed certificate

    Posted Jul 08, 2016 11:20 AM

    Or you can just follow the process that has been actually written by Aruba a while ago.

     

     

    http://community.arubanetworks.com/t5/Monitoring-Management-Location/How-to-install-your-own-certificate-on-Airwave-with-Alternate/ta-p/234595

     

     



  • 3.  RE: [How-to] Using Airwave GUI with a enterprise CA signed certificate

    Posted Aug 14, 2017 09:31 AM

    Has this changed in Airwave 8.2.4?

    I suspect pound has been replaced with something else, as there is no config file under /etc.

    Can I "copy/paste" the above instruction to my 8.2.4?