Wireless Access

Reply
Occasional Contributor I

Certificate Signing Request with ECDSA P-384 and SHA-384

Is it possible to create a Certificate Signing Request for ECDSA P-384 and SHA-384 with the Aruba Mobility Controller 72xx series?

 

It appears to be limited to SHA-256 as a maximum.

Guru Elite

Re: Certificate Signing Request with ECDSA P-384 and SHA-384

Do you mean this?

 

ec.png

 

http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Management_Utilities/Managing_Certificates.htm?Highlight=csr


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor I

Re: Certificate Signing Request with ECDSA P-384 and SHA-384

Thank you for the reply but from my understanding, that may be SHA2 but not at 384. If you generate a CSR with that, I think you will find it is SHA-256. I could be wrong, it may be I'm running an older version of code or have a licensing issue. I'm new to Aruba.

Judging by the Open SSL documentation, it should list ecdsa-with-SHA384.I think Aruba uses Open SSL due to the similarity in the command line.

Here is a link that discusses the Open SSL capability.

http://stackoverflow.com/questions/16818014/generate-csr-with-secp384r1elliptic-curve-key-and-sha384-hash-signature

Being new to Aruba, I don't know of any way to get this rone.

Guru Elite

Re: Certificate Signing Request with ECDSA P-384 and SHA-384

In most cases, it's recommended to do the CSR on an external server so you can back up the private key and/or use the certificate on your other controllers.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Guru Elite

Re: Certificate Signing Request with ECDSA P-384 and SHA-384

Agreed,

 

Just generate your own CSR offline.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor I

Re: Certificate Signing Request with ECDSA P-384 and SHA-384

Thanks, got it.

 

On a different device:

Create keys as exportable

Create CSR

Apply for certificate using CSR

Import keys on controller

Import certificate on controller

 

Show some care when doing this, certificates are tied to DNS.

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: