Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Web GUI certificate error - X509 certificate is needed to access this system

  • 1.  Web GUI certificate error - X509 certificate is needed to access this system

    EMPLOYEE
    Posted Apr 07, 2020 08:45 AM

    Hi!

    I am trying to set up certificate-based authentication for the Aruba Mobility Controller Web GUI, but I am still receiving the error that my client browser doesn't seem to have the X.509 certificate it needs.

    I have imported the client certificate into the browser successfully and also installed the client certificate in the controller (as Trusted CA) and set the Web GUI access to be based only on client certificate.

    I noticed initially in the browser imported certificate that it didn't have the "client authentication" box checked, which I have now changed.

    Any ideas why I am still getting the error?

    Have I imported the client cert as the wrong type?

    Last question, isn't it possible to have both cert-based and username/password authentication methods active at the same time? Seems to be one or the other.

    Thanks in advance,

    Scott



  • 2.  RE: Web GUI certificate error - X509 certificate is needed to access this system

    EMPLOYEE
    Posted Apr 07, 2020 03:18 PM

    Hi Scott,

    We see this error when there are no Management Users with Certificate Authentication configured.

    If you are using an 8.x controller, you can go to Configuration->System->Admin->Management User->Show users with certificate authentication

    Here, add the username, role, Root CA and serial number of the client certificate (without delimiters or spaces).



  • 3.  RE: Web GUI certificate error - X509 certificate is needed to access this system

    MVP EXPERT
    Posted Apr 07, 2020 05:08 PM

    Hi Scott,

    Did you set your certificate in the "WEBUI AUTHENTICATION" part?

    See attachment...

    Hope this helps you!



  • 4.  RE: Web GUI certificate error - X509 certificate is needed to access this system
    Best Answer

    EMPLOYEE
    Posted Apr 08, 2020 09:34 AM

    Hi Marcel,

    Thanks for replying. The server certificate is not the problem and was set to the default one.

    The problem was related to the client's certificate which I imported. Initially I had imported just the public key signed certificate but not the private key.

    To solve this I created, using openssl, a PKCS#12/PFX file which contains both the private key and the certificate. Once I did this and reloaded the browser, the SSL handshake including the client certificate authentication worked and I received the login button.

    Regards,
    Scott



  • 5.  RE: Web GUI certificate error - X509 certificate is needed to access this system

    EMPLOYEE
    Posted Apr 08, 2020 09:39 AM

    Hi!

    Thanks for your reply. I had already set up a mgmt user with certificate authentication as you described.

    I managed to fix the problem this morning and it turned out to be a client certificate issue in the browser: I hadn't imported the private key for the self-signed certificate. To do this I had to create a PKCS#12 file which contains both the private key and certificate, and imported this.

    Once done, I reloaded the browser and immediately the login prompt was displayed and I could connect with the user account I had set up.

    Thanks for your support,

    Scott
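
Added example, not part of any post in this thread: a shell version of the fix described in posts 4 and 5 (a PKCS#12/PFX file that holds both the private key and the certificate), with a check that the bundle really contains the key and the delimiter-free serial number requested in post 2. It uses the standard `openssl` CLI; the file names, CN and password are constructed placeholders, and the self-signed certificate is a throwaway generated only for the demonstration.

```shell
#!/usr/bin/env bash
# Added example; file names, CN and password below are constructed placeholders.
set -eu

# Constructed sample input: a throwaway self-signed client key and certificate.
make_sample_cert() {  # $1 = key out, $2 = cert out
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=webui-admin-example" -keyout "$1" -out "$2" 2>/dev/null
}

# Succeeds when the private key and the certificate hold the same public key.
key_matches_cert() {  # $1 = key, $2 = cert
  [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Bundle private key + certificate into one PKCS#12/PFX file for browser import.
make_pfx() {  # $1 = key, $2 = cert, $3 = pfx out, $4 = export password
  openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout "pass:$4"
}

# Succeeds only when the PKCS#12 file really contains a private key.
pfx_has_private_key() {  # $1 = pfx, $2 = password
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
    grep -q 'PRIVATE KEY'
}

# Certificate serial number as bare hex, without "serial=", colons or spaces.
cert_serial_plain() {  # $1 = cert
  openssl x509 -in "$1" -noout -serial | sed 's/^serial=//' | tr -d ': '
}

demo() {
  d=$(mktemp -d)
  make_sample_cert "$d/client.key" "$d/client.crt"
  key_matches_cert "$d/client.key" "$d/client.crt" || { echo "key/cert mismatch"; return 1; }
  make_pfx "$d/client.key" "$d/client.crt" "$d/client.pfx" "example-pass"
  pfx_has_private_key "$d/client.pfx" "example-pass" && echo "PFX contains the private key"
  echo "Serial for the management user entry: $(cert_serial_plain "$d/client.crt")"
  rm -rf "$d"
}
demo
```

A bundle exported from the certificate alone fails `pfx_has_private_key`, which is the state the browser was in before the fix in posts 4 and 5.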