Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Can't find the CSR Creation Option

  • 1.  Can't find the CSR Creation Option

    Posted Aug 30, 2017 05:17 PM

    Hi,

     

    Device: Aruba 325

    OS Version: 6.4.4.4

     

    I'm trying to generate a CSR and I'm following the ArubaOS 6.4.4.x User Guide.  On page 848 it says:

     

    "In the WebUI 1. Navigate to the Configuration > Management > Certificates > CSR page."

     

    I don't even see a Configuration link.  If I click Maintenance I have a Configuration tab but Management > Certificates is not there.

     

    I also tried to follow the CLI instructions without success.

     

    What am I missing?

     

    Thanks in advance



  • 2.  RE: Can't find the CSR Creation Option

    EMPLOYEE
    Posted Aug 30, 2017 07:36 PM

    If you have an IAP (Instant 325), there is no option to create a CSR.  Please see the post here:  https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/ta-p/275814



  • 3.  RE: Can't find the CSR Creation Option

    Posted Sep 07, 2017 05:51 PM

    Thanks for the response Colin.

     

    I would like to install a private cert. 

     

    "1 – While a self-signed or private certificate can be used for captive portal, it is not recommended as guests will not have the certificate and/or root CA installed and will receive a certificate error."

     

    I'm not concerned about the captive portal as I'm the only person who will access this. The reason I'm trying to do this is because our vulnerability scanner flagged this.

     

    Vulnerability Description:
    The server's TLS/SSL certificate is self-signed. Self-signed certificates cannot be trusted by default, especially because TLS/SSL man-in-the-middle attacks typically use self-signed certificates to eavesdrop on TLS/SSL connections.

     

    Vulnerability Solution:
    Replace TLS/SSL self-signed certificate

    Obtain a new TLS/SSL server certificate that is NOT self-signed and install it on the server. The exact instructions for obtaining a new certificate depend on your organization's requirements. Generally, you will need to generate a certificate request and save the request as a file. This file is then sent to a Certificate Authority (CA) for processing.

     

    CVE IDs: N/A

    Nexpose Vulnerability IDs: ssl-self-signed-certificate

     

    We have an internal CA, I just need to generate the CSR. Without that being an option with Aruba Instant it looks like my only option is to obtain a public cert? Which doesn't really make sense given the scope of this.

     

    Are there any versions of firmware where this could work or is it strictly not available in Aruba Instant?

     

    Any advice is appreciated. Thanks



  • 4.  RE: Can't find the CSR Creation Option

    EMPLOYEE
    Posted Sep 07, 2017 07:15 PM

    There are ways to generate a server certificate without generating a CSR on most platforms.  Depending on your CA, you might have to search to find out how to do it.



  • 5.  RE: Can't find the CSR Creation Option

    Posted Sep 07, 2017 08:16 PM

    Thanks I'll follow up with that team.



  • 6.  RE: Can't find the CSR Creation Option

    EMPLOYEE
    Posted Sep 07, 2017 11:04 PM

    Alternatively, you can just follow the instructions here http://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-Create-a-Certificate-for-Instant-Captive-Portal-using/ta-p/277025 with OpenSSL and submit the result of that CSR to your team.  Follow the instructions to create a .pem file and upload to the Instant virtual controller.



  • 7.  RE: Can't find the CSR Creation Option

    Posted Oct 31, 2017 06:02 PM

     

    Following the OpenSSL method referenced above I was able to generate a CSR and send it to our internal CA. When I tried to upload it to the Instant virtual controller I got an error (see screenshot).

    I verified the cert being valid with https://www.sslshopper.com/certificate-decoder.html.  Any advice is appreciated.

     

    Thanks,

    Andres
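
Added example, not part of the thread or of Aruba's instructions: one way to follow the off-box OpenSSL route from posts 6 and 7 and check what the CA returns before uploading it. The CN, file names and throwaway CA are constructed so it runs offline; it assumes an RSA key and does not build the Instant .pem file, which the linked article covers.

```shell
#!/bin/sh
# Added example: CN, file names and the throwaway CA are constructed.

# SHA-256 of the public key inside a private key, CSR or certificate.
pub_of() {  # pub_of key|csr|cert FILE
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null | openssl sha256
}

# Generate the key pair and CSR off the AP (the IAP has no CSR option).
make_csr() {  # make_csr KEY CSR CN
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -subj "/CN=$3" >/dev/null 2>&1
}

# Stand-in for the internal CA, present only so the example runs offline.
make_test_ca() {  # make_test_ca CAKEY CACERT
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -subj "/CN=Constructed Test CA" -days 1 >/dev/null 2>&1
}
sign_csr() {  # sign_csr CSR CAKEY CACERT OUTCERT
    openssl x509 -req -in "$1" -CA "$3" -CAkey "$2" -CAcreateserial \
        -out "$4" -days 1 >/dev/null 2>&1
}

# Checks on the issued certificate before it is uploaded.
check_issued() {  # check_issued CERT KEY CACERT
    [ "$(pub_of cert "$1")" = "$(pub_of key "$2")" ] ||
        { echo "certificate does not match private key"; return 1; }
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')
    [ "$subj" != "$iss" ] ||
        { echo "issuer equals subject: self-signed"; return 2; }
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 ||
        { echo "certificate does not chain to the CA"; return 3; }
    echo "ok"
}

demo() (  # runs in a subshell inside directory $1
    cd "$1" || exit 1
    make_csr ap.key ap.csr iap.example.internal
    make_test_ca ca.key ca.pem
    sign_csr ap.csr ca.key ca.pem ap.crt
    check_issued ap.crt ap.key ca.pem
)
demo "$(mktemp -d)"
```

With a real internal CA, only `make_csr` and `check_issued` are needed; the return code of `check_issued` tells which check failed.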



  • 8.  RE: Can't find the CSR Creation Option