IAP-225 Virtual Controller SSL Certificate

  • 1.  IAP-225 Virtual Controller SSL Certificate

    Posted Oct 03, 2016 05:03 PM

    Hi All!

     

    I'm using a set of Aruba IAP-225 Access Points with a Virtual Controller.
    My Network has  WPA2-Enterprise 802.1X encryption.

     

    Recently I saw information online  that the certificate shipped with the device was compromised and is not safe to use.
    I wanted to change it with my own one and encountered a problem.


    The WebUI only lets me upload the certificate but not manage them.
    The tutorial says that using the 'clear-cert' CLI command I can erase certificates, but it only lets me delete the ones I uploaded myself, not the ones that were put there by the manufacturer.

    Am I missing something?
    Is there a way to change the default certificate that is used for WPA2-Enterprise encryption?



  • 2.  RE: IAP-225 Virtual Controller SSL Certificate

    EMPLOYEE
    Posted Oct 03, 2016 05:05 PM
    You set the usage when you upload the certificate. There is a drop down box.


  • 3.  RE: IAP-225 Virtual Controller SSL Certificate

    Posted Oct 03, 2016 05:23 PM

    I get this error if I try to choose anything other than CA.



  • 4.  RE: IAP-225 Virtual Controller SSL Certificate

    EMPLOYEE
    Posted Oct 03, 2016 05:49 PM

    Is there a RADIUS server in your environment?



  • 5.  RE: IAP-225 Virtual Controller SSL Certificate

    Posted Oct 04, 2016 07:52 AM

    No, I use LDAP integration directly from the Virtual Controller.



  • 6.  RE: IAP-225 Virtual Controller SSL Certificate

    EMPLOYEE
    Posted Oct 04, 2016 08:32 AM

    Where did you obtain your certificate?

     

    What format is it in?



  • 7.  RE: IAP-225 Virtual Controller SSL Certificate

    Posted Oct 04, 2016 10:09 AM

    Bought it on GoDaddy.



  • 8.  RE: IAP-225 Virtual Controller SSL Certificate

    EMPLOYEE
    Posted Oct 04, 2016 10:13 AM
    Did you combine the private and public keys with the cert chain in a .pem file?


  • 9.  RE: IAP-225 Virtual Controller SSL Certificate

    Posted Oct 04, 2016 10:43 AM

    Hello All,

     

    OK, so I've tried all the instructions I could find on using OpenSSL to create a self-signed certificate to use temporarily until we purchase our new certificate. When I try uploading, it says wrong format. Any suggestions before I contact support?



  • 10.  RE: IAP-225 Virtual Controller SSL Certificate



  • 11.  RE: IAP-225 Virtual Controller SSL Certificate

    Posted Oct 04, 2016 11:04 AM

    Yes, I did. There were also 2 other instructions I followed as well with the same result. I combined the keys and certs as instructed as well. Does this maybe have to be imported through CLI instead of the Virtual Controller GUI?



  • 12.  RE: IAP-225 Virtual Controller SSL Certificate

    Posted Oct 04, 2016 11:07 AM

    Yes, I tried to upload a combined *.pem file.



  • 13.  RE: IAP-225 Virtual Controller SSL Certificate
    Best Answer

    Posted Oct 05, 2016 06:12 AM

    Make sure you output your crt and key in PEM format.

     

    1. Use openssl to convert the crt file to a pem file:
      openssl x509 -outform PEM -in server.crt -out server.crt.pem
    2. Use openssl to convert the key file to a pem file; keep in mind that you change x509 for rsa:
      openssl rsa -outform PEM -in server.key -out server.key.pem
    3. Also convert any CA you want to incorporate into the new pem file; just use the first example at step 1.
    4. Now paste all the content from the pem files into 1 combined file.
    5. Now upload the new pem file to the (virtual) controller.
    6. If all went well, the controller will restart its internal webserver and you can now connect to the CN of your certificate on port 4343.
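
An added example, not part of the original answer or of Aruba's documentation: a POSIX shell script that performs steps 1, 2 and 4 above and then checks, before upload, that the combined file holds exactly one private key and that the key belongs to the first certificate. The function names, file names, block order and the throwaway vc.example.test certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). File names and the throwaway self-signed
# certificate for vc.example.test are constructed for illustration.

# Steps 1, 2 and 4: normalise cert, key and any CA certs to PEM, then
# concatenate. The order cert, key, CA is an assumption.
build_bundle() {  # usage: build_bundle CERT KEY OUT [CA...]
    cert=$1; key=$2; out=$3; shift 3
    {
        openssl x509 -outform PEM -in "$cert" &&
        openssl rsa -outform PEM -in "$key" 2>/dev/null &&
        for ca in "$@"; do openssl x509 -outform PEM -in "$ca" || return 1; done
    } > "$out"
}

# Pre-upload check: block counts, and key/certificate pairing.
check_bundle() {  # usage: check_bundle BUNDLE
    pem=$1
    ncert=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$pem" || true)
    nkey=$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || true)
    [ "$ncert" -ge 1 ] || { echo "no certificate block"; return 1; }
    [ "$nkey" -eq 1 ] || { echo "expected 1 private key block, found $nkey"; return 1; }
    # Public key carried by the first certificate in the file
    cert_pub=$(awk '/BEGIN CERTIFICATE/{p=1} p{print} /END CERTIFICATE/{exit}' "$pem" |
        openssl x509 -noout -pubkey 2>/dev/null)
    # Public key derived from the private key block
    key_pub=$(sed -n '/BEGIN .*PRIVATE KEY/,/END .*PRIVATE KEY/p' "$pem" |
        openssl pkey -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match first certificate"; return 1
    fi
    echo "ok: $ncert certificate(s), key matches"
}

make_sample() {  # constructed key material in directory $1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=vc.example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo() {
    d=$(mktemp -d) && make_sample "$d" || return 1
    build_bundle "$d/server.crt" "$d/server.key" "$d/good.pem" && check_bundle "$d/good.pem"
    build_bundle "$d/server.crt" "$d/other.key" "$d/bad.pem" && check_bundle "$d/bad.pem"
    rm -rf "$d"
}
demo
```

A mismatch between the key and the first certificate is the most common silent error when files from a CA order are pasted together by hand, and this check catches it without sending the private key anywhere.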


  • 14.  RE: IAP-225 Virtual Controller SSL Certificate

    Posted Oct 05, 2016 09:39 AM

    So, I am trying to create a self-signed certificate. I've tried starting up a Linux box with OpenSSL. I set up a CA using the instructions at https://jamielinux.com/docs/openssl-certificate-authority/introduction.html. I created it according to the instructions. Then I followed https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/ta-p/275814. Successfully created a *.pem file with the private key, public cert and the intermediate root CA. I upload and get a message that the format is incorrect. The instructions to create a self-signed cert located at http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-generate-an-OpenSSL-self-signed-certificate-in-pem/ta-p/177148 don't seem to work either, and I cannot find a guide or instructions that are clear and simple to follow that work. It is worth noting that we are not using ClearPass. We are using a Dell switch with virtual controller.



  • 15.  RE: IAP-225 Virtual Controller SSL Certificate

    Posted Oct 06, 2016 08:45 AM

    Actually this helped.
    I'm gonna see if I did everything correctly with the certificate I bought.