ArubaOS-Switch - How to use Debugging to Determine which HTTP Certificate is Installed 

Apr 06, 2020 05:18 PM

Requirement:

Aruba 2930F Switch running firmware version WC.16.10.0003



Solution:

In the following example, debugging for Event Messages and ClearPass Policy Manager Messages (CPPM) is enabled, and the CPPM HTTPS certificate is downloaded using the CLI command, “radius-server host 10.0.106.101 clearpass”.



Configuration:

The debugging output displays the PEM file name, a successful download, and the name of the certificate that is installed. The contents of the certificate are displayed and decoded.


 ------ Enable Debugging ------


Core-Switch# debug destination session
Core-Switch# debug event
Core-Switch# debug cppm

Core-Switch# show debug

 Debug Logging

  Source IP Selection: Outgoing Interface
  Origin identifier: Outgoing Interface IP
  Destination:
   Session

  Time-stamp: System-Uptime

  Enabled debug types:
   event
   cppm


 ------ Download certificate from ClearPass server ------


Core-Switch# configure terminal
Core-Switch(config)# radius-server host 10.0.106.101 clearpass

0001:22:31:07.34 CPPM mcppmTask:Clearpass CA download request to :
   http://10.0.106.101/.well-known/aruba/clearpass/https-root.pem

I 04/04/20 21:22:50 05811 CADownload: Successfully downloaded the certificate
            from 10.0.106.101 server
0001:22:31:07.64 CPPM mcppmTask:ClearPass 10.0.106.101 server cert
   WIN-FUVI1DQCP99-CA is installed.
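
The same three debug messages can be checked by a script instead of by eye. This is an added example, not part of the original article or of any Aruba tooling: it joins the wrapped debug lines and reports, per ClearPass server, the download URL and the installed certificate name, so the name can be compared with the CA you expect. The function names and the `expected_ca` parameter are assumptions, and the patterns match only the message wording shown above.

```python
import re
from urllib.parse import urlsplit

# Sample input: the debug lines from the session above, wrapped as displayed.
SAMPLE = """\
0001:22:31:07.34 CPPM mcppmTask:Clearpass CA download request to :
   http://10.0.106.101/.well-known/aruba/clearpass/https-root.pem

I 04/04/20 21:22:50 05811 CADownload: Successfully downloaded the certificate
            from 10.0.106.101 server
0001:22:31:07.64 CPPM mcppmTask:ClearPass 10.0.106.101 server cert
   WIN-FUVI1DQCP99-CA is installed.
"""

REQUEST = re.compile(r"Clearpass CA download request to :\s*(\S+)")
DOWNLOADED = re.compile(r"CADownload: Successfully downloaded the certificate from (\S+) server")
INSTALLED = re.compile(r"ClearPass (\S+) server cert (.+?) is installed\.")

def unwrap(text):
    """Join indented continuation lines onto the message they belong to."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines

def parse_cppm_debug(text):
    """Return {server: {url, scheme, downloaded, cert_name}} (hypothetical helper)."""
    servers = {}
    for line in unwrap(text):
        if m := REQUEST.search(line):
            parts = urlsplit(m.group(1))
            servers.setdefault(parts.hostname, {}).update(url=m.group(1), scheme=parts.scheme)
        elif m := DOWNLOADED.search(line):
            servers.setdefault(m.group(1), {})["downloaded"] = True
        elif m := INSTALLED.search(line):
            servers.setdefault(m.group(1), {})["cert_name"] = m.group(2)
    return servers

def unexpected_certs(text, expected_ca):
    """Servers whose installed certificate name is missing or not expected_ca."""
    return {ip: rec.get("cert_name") for ip, rec in parse_cppm_debug(text).items()
            if rec.get("cert_name") != expected_ca}

if __name__ == "__main__": print(parse_cppm_debug(SAMPLE))
```

An empty result from `unexpected_certs` means every server in the capture reported the expected certificate name; the `scheme` field records how the PEM file was fetched.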



Verification


 ------ PEM file Information ------


Privacy-Enhanced Mail (PEM) is a de facto file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF standards defining "privacy-enhanced mail."

A PEM file must consist of a private key, a CA server certificate, and additional certificates that make up the trust chain. The trust chain must contain a root certificate and, if needed, intermediate certificates. A PEM-encoded file includes Base64 data.


------ Display certificate information using web-browser ------


http://10.0.106.101/.well-known/aruba/clearpass/https-root.pem



------ Display certificate information using website ------


https://certlogik.com/decoder/

RDN                   Value
Common Name (CN)      WIN-FUVI1DQCP99-CA

Properties

Property              Value
Issuer                CN = WIN-FUVI1DQCP99-CA
Subject               CN = WIN-FUVI1DQCP99-CA
Valid From            21 Mar 2020, 3:07 p.m.
Valid To              21 Mar 2025, 3:17 p.m.
Serial Number         2D:F9:7F:10:4D:E6:FE:A5:47:DA:F1:C6:40:3C:C9:7C (61110718885876251575280726705558047100)
CA Cert               Yes
Key Size              2048 bits
Fingerprint (SHA-1)   C4:D7:08:6E:68:88:E9:A5:5D:7A:D8:8B:D9:94:01:65:3A:28:31:6E
Fingerprint (MD5)     91:FA:D0:B8:5A:5D:EC:A5:17:D9:A9:E0:88:25:6A:8C
SANS

 
