Skip to content

Aruba

Jump to bottom
Symrak edited this page Jan 10, 2019 · 4 revisions

Aruba OS/Instant useful commands and techniques list

Guest portal and Web UI certificates management

Generating self-signed certificate with OpenSSL

Generating new key for the Root CA:
openssl genrsa -out <Path to CA *.key file> 2048.

Generating pair of key and cert for Root CA:
openssl req -x509 -new -key <Path to CA *.key file> -days <Valid period in days> -out <Path to CA certificate *.crt file>.

Generating new key for teh Resource cert:
openssl genrsa -out <Path to Resource *.key file> 2048.

Generating request for the cert for the Resource:
openssl req -new -key <Path to Resource *.key file> -out <Path to Resource certificate request *.csr file>.

Generating the cert from the request and signing it with Root CA cert:
openssl x509 -req -in <Path to Resource certificate request *.csr file> -CA <Path to CA certificate *.crt file> -CAkey <Path to CA *.key file> -CAcreateserial -out <Path to Resource certificate *.crt file> -days <Valid period in days>.

Note: Self-signed certificates will be untrusted by devices due unknown certificate issuer (devices will get SEC_ERROR_UNKNOWN_ISSUER error in browser)! For resolving this issue you must use public certificate, validated by trusted public CA server (like Comodo, Verisign, Let's Encrypt, etc.). Public certificate can be on any FQDN name (Controller will use specified in certificate value).

Sources: community.arubanetworks.com, community.arubanetworks.com, community.arubanetworks.com, community.arubanetworks.com, habr.com

Generating certificate ready for uploading to Aruba Controller/Instant AP

Gluing the target file from Resource private key, Resource public cert and Root public cert:

  • Windows OS:
    type "<Path to Resource *.key file>" "<Path to Resource certificate *.crt file>" "<Path to CA certificate *.crt file>" > "<Path to the Resource combined file in *.crt format>";
    Note: All paths for must be specified with backslashes!
  • Linux OS:
    cat <Path to Resource *.key file> <Path to Resource certificate *.crt file> <Path to CA certificate *.crt file> > <Path to the Resource combined file in *.crt format>.

Source: community.arubanetworks.com

Uploading certificate for Captive portal to Instant AP

For uploading certificate you must execute this command from Instant controller via console:
copy tftp <TFTP Server IP address> <Certificate filename> cpserver cert <Certificate password (can be blank)> format <Certificate format (pem or crt)>.

Or you can use Web UI for the upload starting from version 6.5.2.

Source: arubanetworks.com

Clone this wiki locally