Wireless Access

last person joined: 17 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Move certificates to another controller

This thread has been viewed 4 times

  • 1.  Move certificates to another controller

    Posted Nov 18, 2011 11:25 AM

    Hi,

     

    after an RMA i need to transport the controller certs to a newly configured controller.

     

    What i like to do is:

     

    - get flashbackup from running controller

    - unpack it

    - copy certs, csr, and private key to the appropriate places in the certmgr folder

    - repack it to flashbackup.tar.gz

    - copy back to controller

    - restore flash

    - reboot

     

    I tried this, but i still have the old CSR as if nothing had been restored. Maybe modifying the flashbackup.tar.gz is not possible?

     

    Has anyone experience with this?

     

    Best regards,

    Andreas



  • 2.  RE: Move certificates to another controller

    EMPLOYEE
    Posted Nov 18, 2011 11:29 AM

    Is the flashbackup.tar.gz from the old controller that you sent back?

     

    If so, you are making this much harder than it needs to be. You can just restore the flashbackup.tar.gz to the new controller. I did this a couple weeks ago. Certs showed up without an issue. No need to do anything else.

     

    Zach



  • 3.  RE: Move certificates to another controller

    Posted Nov 22, 2011 05:15 PM

    Hi,

     

    yes, i also think i am making this much harder. ;-)

     

    Situation is like this: i configured a controller including generation of certs. then it went down due to hardware damage and got rma'd. meanwhile we configured a replacement controller and did a lot of changes to the config. so, i thought i could just take the backup of the broken controller, take out the certs including private key and CSR and reinject it to the new config.

     

    but that did not work. i suppose the repackaging of the tar.gz went wrong. but i think the question is of general interest since i wonder now if it is possible to take a flashbackup.tar.gz, change it, and repackage it.

     

    wondering,

    andreas



  • 4.  RE: Move certificates to another controller

    EMPLOYEE
    Posted Nov 22, 2011 06:08 PM

    Well, if you move the flashbackup.tar.gz from one controller to another, the procedure should  be:

     

    (1)  Make sure the new controller is the same platform as the old (3000 series to 3000 series, etc).  Make sure it is also the same version of code as the old if possible.

    (2) copy the flashbackup.tar.gz  fileoff the first controller and to the new controller

    (3) restore the backup to the new controller and paste in the new controller's licenses before you reboot (DO NOT type "write mem")

    (4) Reboot the Controller, once again, without typing write mem

    (5) The New controller should be just like the old.

     

    Each step is crucial.

     



  • 5.  RE: Move certificates to another controller

    Posted Dec 02, 2011 02:14 AM

    Hi,

     

    yes, that is the procedure on how to move the flashbackup to another controller. What i am trying to do is:

     

    (1) Take the flashbackup from my new and configured controller.

    (2) Replace just the controller CSR file inside that controller with the CSR from the backup of the old one.

    (3) Copy that flashbackup back to my controller and have the CSR

     

    What is different here, is that i have to unpack and repack the tar.gz file. And i have the feeling that this is the step that does not work, so that i again have the CSR on the controller which i hoped to replace.

     

    Regards,

    Andreas

     



  • 6.  RE: Move certificates to another controller

    EMPLOYEE
    Posted Dec 02, 2011 04:03 AM

    You are right.  That does not work; unpacking and then repacking.  If you just do a full replacement, you can start from there.