Security

Reply
Occasional Contributor II

Creating new certificate to be used across multiple controllers

Hi everyone,

 

We have a server certfiicate installed on our controllers that is going to be expiring soon.  Today we've been using the same certificate on every controller we spin up since they all point to our CPPM for the captive portal redirect. 

 

Question I have is, how do I go about creating the CSR to generate a new certificate?  From what I understand, if I generate the CSR on one controller, I can only install the certficate I receive on that one controller and not the others.  Is that correct?  If that is indeed true, how have we been able to install the same, older certficate on brand new controllers we've recently setup?  And what options do we have for creating the CSR then? 

MVP Guru

Re: Creating new certificate to be used across multiple controllers

You'll need to create the CSR + Private Key on a 3rd party server since when you create a CSR on a Controller you cannot extract the private key. You should consider creating the certificate using OpenSSL or similar to allow you to obtain the private key and install on each Controller. I suspect the existing certificate which is installed on your controller has the private key chained within the cert.


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
MVP Guru

Re: Creating new certificate to be used across multiple controllers

This ASE solution may help to get the CSR done with OpenSSL.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor II

Re: Creating new certificate to be used across multiple controllers

Thanks for the info guys.  I have followed the openssl method for creating the CSR and private key on a separate system.  The existing, older certificate is a .pem file so you're right that it likely has the private key embedded in it for it to work across all of our controllers.

 

Cheers!

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: