Replace Default SSL Cert in Aruba Instant AP
Step to replace default SSL Cert in Aruba Instant AP
Default SSL Cert for Captive Portal
User will get the following error message whenever they try to connect to GUEST WIFI with Captive Portal configured with Aruba Instant AP
Replace Default SSL Cert in Aruba Instant AP for Captive Portal
The default SSL Cert used in Aruba Instant AP can be replaced with
-
Comodo PositiveSSL – Purchased it with less than USD 10 per year with a single domain name, like wifi.aventistech.com
-
Let’s Encrypt free SSL Certificate – Generate it following Generate Wildcard SSL Certificate from Let’s Encrypt. However, Let’s Encrypt SSL Certificate need to be renewed every 3 months
Let’s Encrypt Wildcard SSL Certificate is used in this lab
- Convert fullchain.PFX to PEM format
The SSL Certificate used for Captive Portal need to include the information of Certificate, Intermediate & Private Key
openssl pkcs12 -in fullchai.pfx -out fullchain.pem -nodes
- Install Solarwinds TFTP Server (FREE) on Windows 2019 Server (192.168.1.232)
- Copy the AventisLab.pem to C:\TFTP-Root
- SSH to Aruba IAP 315 and upload the pem Cert for cpserver (Captive Portal)
IAP315# copy tftp 192.168.1.232 fullchain.pem cpserver cert P@ssw0rd!@#$
captiveportal-login is used as hostname for wildcard cert or hostname defined in SSL Certificate will be used
The Captive Portal will be associated with the public SSL Certificate uploaded now
Replace Default SSL Cert in Aruba Instant AP for WebUI
- Convert PFX to PEM format
openssl pkcs12 -in cert.pfx -out cert.pem -nodes
- Copy the cert.pem to C:\TFTP-Root
- SSH to Aruba IAP 315 and upload the pem Cert for WebUI (uiserver)
IAP315# copy tftp 192.168.1.232 cert.pem uiserver cert P@ssw0rd!@#$ format pem
#Commit Changes
commit apply
The uploaded SSL Certificate is applied when you Login to https://iap.aventislab.com:4343
Reference Link https://www.arubanetworks.com/techdocs/Instant_41_Mobile/Advanced/Content/UG_files/Authentication/Certificates.htm#Loading