Network Management

 View Only
last person joined: 14 hours ago 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

I created CSR from Airwave 8.2.7 but where is the Private key?

This thread has been viewed 45 times

  • 1.  I created CSR from Airwave 8.2.7 but where is the Private key?

    Posted Oct 09, 2018 05:36 PM

    So I got the CSR just fine and is now signed by a certificate authority. But since Airwave only take PFX or P12, then I need the private key to create this format... where can I get the private key?



  • 2.  RE: I created CSR from Airwave 8.2.7 but where is the Private key?

    Posted Oct 10, 2018 07:29 AM

    Hey,

     

    I think logging in to CLI with ampuser and then go 9 -> 12 will help you out. I havent done a CSR myself on the airwave (always do it on a unix machine with openssl) but it complains that i do not have any private keys.

     

    "Private key not found. Please generate a certificate signing request first."

     

    Might help you out!

     



  • 3.  RE: I created CSR from Airwave 8.2.7 but where is the Private key?

    EMPLOYEE
    Posted Oct 10, 2018 11:30 AM

    No private key should be needed.

     

    There's 2 different cert install options.

     

    == SSL route ==

    9) Security -> 3) Add SSL cert:

    Running Add SSL Certificate
    Choose the certificate file.
    (The file must be in PKCS12 format with ".pfx" or ".p12" filename extension and should contain both the private key and the certificate.)

     

    == CSR route ==

    9) Security -> 11) Generate CSR

    The Generate CSR creates a private key that only the AMP server needs to know about, and the private key gets overwritten if you generate a new CSR.

    When you get the signed cert, upload it into AirWave using either the upload option [AMPCLI Main -> 3) Upload] or using the file transfer user option [8) Advanced -> 7) Add File Transfer User]

    Once uploaded, use the signed cert option

    9) Security -> 12) Install Signed Certificate

    Choose the certificate file.
    (The file must be in PEM format with the filename extension ".crt")

    It'll give you a picklist to choose your cert from.



  • 4.  RE: I created CSR from Airwave 8.2.7 but where is the Private key?

    Posted Oct 10, 2018 12:31 PM

    AMP FAILED.png

     

    What am I doing wrong here.. I can download files from airwave but I cannot upload a file to it.



  • 5.  RE: I created CSR from Airwave 8.2.7 but where is the Private key?

    EMPLOYEE
    Posted Oct 10, 2018 01:02 PM

    What are you using for your SFTP server application?  If you're trying to pull from Windows, I think the path line might be off.

     

    You're better off using the Advanced -> Add File Transfer User.  This route let's you use WinSCP to drop files into the /users folder.  If you're still struggling, a quick support case should get the cert transferred.

     

    This reminds me to add another feature request in for allowing the pasting of the cert instead of having to upload.



  • 6.  RE: I created CSR from Airwave 8.2.7 but where is the Private key?

    Posted Oct 10, 2018 01:13 PM

    Yes I was able to upload the signed .crt file using SFTP (I did not know I can make a user for SFTP). So now I went to  9) Security then 12) Install Singed Certificate ....  however it is telling me this 

     

    Running Install Signed Certificate

Private key not found. Please generate a certificate signing request first.

Hit enter to continue, 's' to show output, 'r' to show return code.

    I already did the CSR before and got it signed by a certificate authority that's why I have the .CRT file.



  • 7.  RE: I created CSR from Airwave 8.2.7 but where is the Private key?

    EMPLOYEE
    Posted Oct 10, 2018 01:59 PM

    The private key lives in /tmp.  Part of the install process is copying that key from /tmp into the certificate location.  If it's gone, it means that either the Generate CSR operation was partially run again to the point it cleared the old key, or Add SSL Cert operation was attempted which would also blank out the key.

     

    The other thing is tmpwatch flushes /tmp after 30 days.  The process could be cleaned up a bit.  I'll file a defect to add a halt on Add SSL Cert if there's a private key detected.



  • 8.  RE: I created CSR from Airwave 8.2.7 but where is the Private key?

    Posted Oct 10, 2018 02:24 PM

    Now how can I get to /tmp with this 8.2.7 limited CLI interface. I can't literally do anything. How can I get out of this?



  • 9.  RE: I created CSR from Airwave 8.2.7 but where is the Private key?

    EMPLOYEE
    Posted Oct 10, 2018 02:27 PM

    Try going through the Generate CSR process again.  That will create a new key.  You'll have to get a new signed cert to go with it.  Then the install option should work.  It's a few hoops, but it's better than having to open the TAC case to get into the backdoor.



  • 10.  RE: I created CSR from Airwave 8.2.7 but where is the Private key?

    Posted Mar 14, 2022 05:36 PM
    I realize this is an old post. But I have the same issue in version 8.13.1.
    Has anyone been successful at installing a signed cert using the ampmenu only?

    ------------------------------
    Rick Rogan
    ------------------------------

    Original Message


  • 11.  RE: I created CSR from Airwave 8.2.7 but where is the Private key?

    EMPLOYEE
    Posted Mar 23, 2022 10:57 AM
    What is the format of the signed certificate? Usually the private key will be under "/tmp" directory on the server and try to match it while uploading. We could try the format with .crt or .cer and see if its importing. If not TAC can help with getting the private key and forming the full chain.

    ------------------------------
    Vishnu Mannil
    Aruba ERT

    If my post addresses your query, give kudos :)
    ------------------------------

    Original Message


  • 12.  RE: I created CSR from Airwave 8.2.7 but where is the Private key?

    Posted Aug 25, 2022 10:18 AM

    Same issue here, Airwave 8.2.14.1

    Generate a CSR on CLI.

    Get a p7b and a cer back from our Cert Team.

    Now need the Private Key to create a FullChain because p7b and cer give the Message "Invalid certificate format"

    No Access to /tmp by using ampadmin User.

    Last time i use Aruba Buildin tools, better use OpenSSL on a Linux System.


    Original Message