Network Management

Reply
Highlighted
New Contributor

Is it possible to export the private key or the cert-key pair ?

I need to request a new  certificate for an Aruba 3600 controller, but to approve the request my infosec department is asking me to send them the private key or cert-key pair (.p12 or .pfx file).  Is there a way to export this?  Thanks!


Accepted Solutions
Highlighted
Moderator

Re: Is it possible to export the private key or the cert-key pair ?

Private keys cannot be exported from the controller. If you need this
functionality, create the key and CSR on an external server.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Moderator

Re: Is it possible to export the private key or the cert-key pair ?

Private keys cannot be exported from the controller. If you need this
functionality, create the key and CSR on an external server.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
New Contributor

Re: Is it possible to export the private key or the cert-key pair ?

Today I was able to get the private key from a controller backup and add it to the CA signed cert and upload it to all of my other controllers after I generated the csr on one of them. I am not sure this is a supported method however it worked for me. Thought I would share.
Highlighted
Contributor I

Re: Is it possible to export the private key or the cert-key pair ?

I was able to obtain the private key from a controller backup as well and then add it into a .PEM file with the existing certificate and re-import into the controller successfully.

 

Highlighted
Occasional Contributor I

Re: Is it possible to export the private key or the cert-key pair ?

Hi.... How do you obtain the private key from the controller?

Highlighted
Contributor I

Re: Is it possible to export the private key or the cert-key pair ?

Hi Nan_A,

 

If you take a backup of the controller, un-zip the tar.gz backup file.  Navigate to the "Flash" / "CertMgr" / "ServerCert" folder.  In this folder, find the file whose name is the same as the friendly name you gave to the certificate when it was previously imported into the appliance.  Open the file in a text editor and copy the "Encrypted Private Key" section.  You can then take this value and paste it into a .pem file that contains all of your necessary certificates (root, intermediate, etc.) and re-upload the merged/combined file, containing all certs and the key, back to the controller.

Highlighted
Occasional Contributor I

Re: Is it possible to export the private key or the cert-key pair ?

Thank you "stevepo". I think I have similar issue with "thereisnotry". I generated the CSR from one of the controller.
I got the private key from the controller backup under folder "flash\certmgr\CSR". But this the file is encrypted private key.
I didn't put any passphrase when I create CSR.

@ thereisnoentry: How did you add the key to the signed Cert? Did you decrypt it first and combine it in .pfx format?
and what passphrase would it be?

Highlighted
Contributor I

Re: Is it possible to export the private key or the cert-key pair ?

Nan_A,

 

If you can obtain your signed cert in .pem format, you should be able to open the .pem in a text editor (Notepad, etc.) and then paste the "Encrypted Private Key" text obtained from the backup into the .pem at the very top and then save it as a new .pem file.  You can then re-import that .pem into the controller.  There was no need to decrypt the key when used in the described fashion.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: