Replace Certificate on Aruba Controller
Steps to replace the certificate on an Aruba Controller
Backup Running Config to TFTP Server
Refer to Setup TFTP Server on RHEL 8 to build a TFTP Server to store the backup config.
Backup the running-config to TFTP Server (192.168.1.231)
(ArubaVMC) [mynode] #copy running-config tftp: 192.168.1.231 arubavmc.txt
Replace Certificate on Aruba Controller for WebUI
Upload aventislab.pfx file to TFTP Server
scp aventislab.pfx [email protected]:/tmp
cp /tmp/aventislab.pfx /var/lib/tftpboot/aventislab.pfx
Login to Aruba VMC to download aventislab.pfx from TFTP Server
(ArubaVMC) [mynode] #copy tftp: 192.168.1.231 aventislab.pfx flash: aventislab.pfx
Import the PFX file as serverCert (For WebUI) with password = aruba123
The controller returns the error message below if the PFX password contains any of the characters it rejects
Unacceptable password. Can’t contain any of the following characters: ‘ $ & ( ) | \ " ; < > ?
(ArubaVMC) [mynode] #crypto pki-import pfx serverCert aventislab.com aventislab.pfx aruba123
Certificate is uploaded. Please execute "crypto-local pki SERVERCERT aventislab.com aventislab.pfx" from a config node
Configure aventislab.pfx as SERVERCERT
(ArubaVMC) [mynode] # configure terminal
(ArubaVMC) [mynode] (config) # crypto-local pki SERVERCERT aventislab.com aventislab.pfx
(ArubaVMC) [mynode] (config) # end
(ArubaVMC) [mynode] # wri mem
Verify the serverCert is associated with aventislab.pfx
(ArubaVMC) [mynode] #show crypto-local pki serverCert
Certificates
------------
Name            Original Filename  Reference Count  Expired
--------------  -----------------  ---------------  -------
aventislab.com  aventislab.pfx     0                No
Change the WebUI to use the public SSL Certificate
(ArubaVMC) [mynode] (config) # web-server profile
(ArubaVMC) [mynode] (Web Server Configuration) # switch-cert aventislab.com
(ArubaVMC) [mynode] # wri mem
Login to Aruba VMC using FQDN and verify the public SSL Certificate is configured correctly
Replace Certificate on Aruba Controller for Captive Portal
Users will encounter a certificate error page if the default Aruba self-signed certificate is used in the Captive Portal for guest Wi-Fi
Replace the self-signed certificate with the public SSL Certificate
(ArubaVMC) [mynode] (config) # web-server profile
(ArubaVMC) [mynode] (Web Server Configuration) # captive-portal-cert aventislab.com
(ArubaVMC) [mynode] # wri mem
If a wildcard certificate is uploaded (for example, CN=*.aventislab.com), the asterisk in CN is replaced with ‘captiveportal-login’ in order to derive the Captive Portal logon page URL (captiveportal-login.aventislab.com).
Users will now be redirected to https://captiveportal-login.aventislab.com without a certificate error.
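The PFX password restriction and the wildcard CN rule described above can both be checked on the TFTP server before the file is copied to the controller. This is an added example, not part of the original procedure: the function names are hypothetical, the leading quote in the error message is assumed to be a straight single quote, and a non-wildcard CN is assumed to be used unchanged as the portal hostname.

```shell
#!/bin/sh
# Added example: pre-flight checks for the PFX before "crypto pki-import".
# All function names are hypothetical.

# Return 0 if the password contains none of the characters listed in the
# controller's "Unacceptable password" message: ' $ & ( ) | \ " ; < > ?
# (assumption: the leading quote in that message is a straight single quote).
pfx_password_ok() {
    stripped=$(printf '%s' "$1" | tr -d '$&()|\\";<>?'"'")
    [ "$stripped" = "$1" ]
}

# Derive the Captive Portal logon hostname from the certificate CN.
# For a wildcard CN the asterisk becomes "captiveportal-login";
# any other CN is returned unchanged (assumption).
captive_portal_fqdn() {
    case "$1" in
        '*.'*) printf 'captiveportal-login.%s\n' "${1#??}" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

# Print the subject CN of the leaf certificate inside a PFX file.
# The password is read from the PFX_PASS environment variable so that it
# does not show up in the process list.
pfx_subject_cn() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# Usage: PFX_PASS='...' preflight aventislab.pfx
preflight() {
    pfx_password_ok "$PFX_PASS" ||
        { echo "password contains a character the controller rejects" >&2; return 1; }
    cn=$(pfx_subject_cn "$1")
    [ -n "$cn" ] ||
        { echo "cannot read a certificate from $1 with this password" >&2; return 2; }
    echo "subject CN:          $cn"
    echo "captive portal FQDN: $(captive_portal_fqdn "$cn")"
}
```

Once the import on the controller has succeeded, remove the PFX from /var/lib/tftpboot, because TFTP serves files without authentication and the PFX contains the private key.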