Wireless Access

last person joined: 3 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

import server, CA certificate

This thread has been viewed 11 times

  • 1.  import server, CA certificate

    Posted Mar 18, 2013 11:44 AM

    Hi,

     

    To import a server- and the trusted CA certificate on the controller. Do we import the 2 seperate or do we made a chained certificate with the server- and CA certficate and import the chained certificate into the controller as a server certificate?

     

    regards

     



  • 2.  RE: import server, CA certificate

    Posted Mar 18, 2013 01:27 PM

    You should be able to do either method.    I usually add them separately, but if there is an intermediate issuing CA, you may need to chain that before importing.    See Aruba KB https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-772 for more information.   

     

    Other commentary on this here in the community:

     

     



  • 3.  RE: import server, CA certificate

    Posted Mar 21, 2013 10:26 AM

    HI,

     

    In my case, I have only a ROOT CA.

    So I import the ROOT CA as a trusted CA into the controller.

    Then I import my certificate (that I generate on my ROOT CA) as a server certificate.

    under management, I change the webgui certificate to my server certificate.

     

    Then I logon to the controller. I have no warning message. But next to the url in the explorer, I do see still a certificate error.

     

    This website’s address does not match the address in the security certificate

    This error means that a website is using a certificate that was issued to a different web address. This error can occur if a company owns several websites and uses the same certificate for multiple websites.



  • 4.  RE: import server, CA certificate

    Posted Mar 21, 2013 10:34 AM

    What common name is on the certificate (CN).   It can be seen in the Issued To: field.   Is it the same FQDN name you are typing in the URL?    If not, you'll get a certificate error.

     

     



  • 5.  RE: import server, CA certificate

    Posted Mar 21, 2013 10:36 AM

    I have to check this.

    but I am using the ip address to logon

     

    regards

     



  • 6.  RE: import server, CA certificate

    Posted Mar 21, 2013 10:50 AM

    That would be the reason.  The IP does not match the name the certificate is issued to. 



  • 7.  RE: import server, CA certificate

    Posted Mar 21, 2013 10:53 AM

    will the certificate only work when you use name of the device? Or can we do it also with ip address?



  • 8.  RE: import server, CA certificate
    Best Answer

    Posted Mar 21, 2013 10:57 AM

     

    You should be able to use an IP as the common name of a certificate if you'd prefer (if that is your question); but they are typically FQDNs.



  • 9.  RE: import server, CA certificate

    Posted May 21, 2015 02:44 PM

    Thank-you.  This was very helpful. 

    @clembo wrote:

    You should be able to do either method.    I usually add them separately, but if there is an intermediate issuing CA, you may need to chain that before importing.    See Aruba KB https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-772 for more information.   

     

    Other commentary on this here in the community:

     

     

    @clembo wrote:

    You should be able to do either method.    I usually add them separately, but if there is an intermediate issuing CA, you may need to chain that before importing.    See Aruba KB https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-772 for more information.   

     

    Other commentary on this here in the community: