Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

remind me the order you concatenate files to import a server cert into instant

  • 1.  remind me the order you concatenate files to import a server cert into instant

    Posted Jun 09, 2022 03:26 AM
    Need to update the web server cert used in my Instant network (8.10.0)

    Can someone remind me of the order I need to concatenate the files


    is it

    cp new_server_cert outputfile.txt
    cat new_server_key >>outputfile.txt
    cat ca_chain >> outputfile.txt

    A


  • 2.  RE: remind me the order you concatenate files to import a server cert into instant

    EMPLOYEE
    Posted Jun 09, 2022 07:49 AM
    Looks like last time I did this I used this order:

    <certificate>
    <key>
    <ca-bundle>


  • 3.  RE: remind me the order you concatenate files to import a server cert into instant

    Posted Jun 10, 2022 09:35 AM
    Hi, normally it would be:

    <certificate>
    <key>
    <ca-bundle>

    but I did it a few weeks ago and it was only cert and key without the ca-bundle

    <certificate>
    <key>


  • 4.  RE: remind me the order you concatenate files to import a server cert into instant

    EMPLOYEE
    Posted Jun 10, 2022 09:50 AM
    The AP/controller will accept a certificate file without the ca-bundle included. However you may experience issues on some clients that don't have the correct trust chain installed. Including the ca-bundle usually overcomes this unless the root is not trusted by the client at all.

    This is more problematic when using the certificate for secure captive-portal.


  • 5.  RE: remind me the order you concatenate files to import a server cert into instant

    MVP GURU
    Posted Jun 10, 2022 09:48 AM
    Creating a .pem with the Private Key and Entire Trust Chain

    1. Open a text editor (such as wordpad) and paste the entire body of each certificate into one text file in the following order:
        1. Purchase and generate the certificate
        2. The Private Key – Controller-key.key
        3. The Primary Certificate – securelogin.<domain>.crt
        4. The Intermediate Certificate - IntermediateCA.crt
        5. The Root Certificate - TrustedRoot.crt

    Make sure to include the beginning and end tags on each certificate. The result should look like this:

    -----BEGIN RSA PRIVATE KEY-----
    (Your Private Key: Controller-key.key)
    -----END RSA PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    (Your Primary SSL certificate: securelogin.<domain>.crt)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (Your Intermediate certificate: IntermediateCertCA.crt)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (Your Root certificate: TrustedRoot.crt)
    -----END CERTIFICATE-----

    Save the combined file as securelogin.<domain>.pem.

    The .pem file is now ready to use.


    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 6.  RE: remind me the order you concatenate files to import a server cert into instant

    Posted Jun 10, 2022 11:22 AM
    Many thanks Dustin

    o.k. so key first then cert then ca-bundle ending with root CA




  • 7.  RE: remind me the order you concatenate files to import a server cert into instant

    MVP GURU
    Posted Jun 10, 2022 01:07 PM
    Correct :)




  • 8.  RE: remind me the order you concatenate files to import a server cert into instant

    EMPLOYEE
    Posted Jul 21, 2022 09:10 AM
    In fact, I found the location of the key is not important. You can put it at the beginning or at the end.

    The root CA itself should not be included in the certificate bundle (but in practice doesn't hurt), because the root CA needs to be in the client device so no need to send it as it will be ignored anyway and not sending reduces the amount of data being sent. There is a lot of conflicting information on if you should include the root or not, but it's not needed and because of the reason before it is better not to.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
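
The concatenation discussed in this thread, as an added example that is not from any poster or from Aruba: a POSIX shell function that writes key, server certificate and CA chain into one PEM in the key-first order from post 5, after checking that the key matches the certificate and that the CA file starts with the certificate's issuer. The function name `build_bundle` and all file names are hypothetical; it assumes `openssl` on the PATH and an unencrypted private key.

```shell
#!/bin/sh
# Added example: build a single PEM for upload, refusing obviously broken input.
# build_bundle and all file names are hypothetical; requires openssl on PATH
# and an unencrypted private key.
# Usage: build_bundle KEY SERVER_CERT CA_CHAIN OUTFILE
build_bundle() {
    key=$1; cert=$2; chain=$3; out=$4

    # The key must belong to the server certificate: derive the public key
    # from each and compare.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot read private key: $key" >&2; return 2; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate: $cert" >&2; return 2; }
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "private key does not match $cert" >&2; return 3; }

    # The CA file must start with the certificate that issued the server
    # certificate (openssl x509 reads only the first certificate in a file).
    issuer=$(openssl x509 -in "$cert" -noout -issuer_hash 2>/dev/null)
    first_ca=$(openssl x509 -in "$chain" -noout -subject_hash 2>/dev/null) ||
        { echo "cannot read CA chain: $chain" >&2; return 2; }
    [ "$issuer" = "$first_ca" ] ||
        { echo "$chain does not start with the issuer of $cert" >&2; return 4; }

    # Key, server certificate, CA chain. awk strips CRs left by Windows
    # editors and ends every line with a newline, so an END marker is never
    # fused with the next BEGIN marker. The file holds the key: mode 0600.
    ( umask 077; awk '{ sub(/\r$/, ""); print }' "$key" "$cert" "$chain" > "$out" )
}
```

Nothing is written when a check fails, so a mismatched key or a wrong CA file is caught before the upload rather than by clients afterwards.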