Network Management

Reply
New Contributor

Is it possible to export the private key or the cert-key pair ?

I need to request a new  certificate for an Aruba 3600 controller, but to approve the request my infosec department is asking me to send them the private key or cert-key pair (.p12 or .pfx file).  Is there a way to export this?  Thanks!

Guru Elite

Re: Is it possible to export the private key or the cert-key pair ?

Private keys cannot be exported from the controller. If you need this
functionality, create the key and CSR on an external server.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
New Contributor

Re: Is it possible to export the private key or the cert-key pair ?

Today I was able to get the private key from a controller backup and add it to the CA signed cert and upload it to all of my other controllers after I generated the csr on one of them. I am not sure this is a supported method however it worked for me. Thought I would share.
Occasional Contributor II

Re: Is it possible to export the private key or the cert-key pair ?

I was able to obtain the private key from a controller backup as well and then add it into a .PEM file with the existing certificate and re-import into the controller successfully.

 

Occasional Contributor I

Re: Is it possible to export the private key or the cert-key pair ?

Hi.... How do you obtain the private key from the controller?

Occasional Contributor II

Re: Is it possible to export the private key or the cert-key pair ?

Hi Nan_A,

 

If you take a backup of the controller, un-zip the tar.gz backup file.  Navigate to the "Flash" / "CertMgr" / "ServerCert" folder.  In this folder, find the file whose name is the same as the friendly name you gave to the certificate when it was previously imported into the appliance.  Open the file in a text editor and copy the "Encrypted Private Key" section.  You can then take this value and paste it into a .pem file that contains all of your necessary certificates (root, intermediate, etc.) and re-upload the merged/combined file, containing all certs and the key, back to the controller.

Occasional Contributor I

Re: Is it possible to export the private key or the cert-key pair ?

Thank you "stevepo". I think I have similar issue with "thereisnotry". I generated the CSR from one of the controller.
I got the private key from the controller backup under folder "flash\certmgr\CSR". But this the file is encrypted private key.
I didn't put any passphrase when I create CSR.

@ thereisnoentry: How did you add the key to the signed Cert? Did you decrypt it first and combine it in .pfx format?
and what passphrase would it be?

Occasional Contributor II

Re: Is it possible to export the private key or the cert-key pair ?

Nan_A,

 

If you can obtain your signed cert in .pem format, you should be able to open the .pem in a text editor (Notepad, etc.) and then paste the "Encrypted Private Key" text obtained from the backup into the .pem at the very top and then save it as a new .pem file.  You can then re-import that .pem into the controller.  There was no need to decrypt the key when used in the described fashion.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: