Install SSL Certificate on Aruba Controllers
Problem Description :
How to install an SSL certificate for the 3 Aruba 3600 Controllers
Resolution :
NOTE: This process uses an exported Certificate from a IIS 7/8 Server, meaning that you must have at least one current certificate (Windows) already installed on a Server (see Helpstar Solution #177).
Export to PFX file
1) Please start the Microsoft Management Console (MMC)
2) Add the Certificates Snap-in for the Computer account.
3) Under the Personal section of the MMC there should be a folder called "Certificates", open it.
4) Right-click on the SSL certificate you'd like to export (will be issued to *.gordonstate.edu - look at expiration date to make sure it is the correct one).
5) Hover over "All Tasks", from here one should see the option to Export...
6) Go through the wizard, make sure you export the private key.
7) While going through the wizard, accept defaults. enter a password for the private key (remember the password because you will need it in the next steps)
8) Once you have dropped out of the wizard you should have a PFX file.
Install on Controller
1) Login to each Aruba Controller and go to Configuration --> Management --> Certificates
Certificate Name: aruba-wireless.gordonstate.edu
Certficate Filename: name_of_exported_certificate.pfx
Certificate Format: PFX
Certificate Type: Server Cert
2) Click Upload
3) Enable Certificate for WebUI access by going to Configuration --> Management --> General --> WebUI Management Authentication Method.
4) Select the new certificate that was installed in step 1-2
5) Click Apply
NOTE: This will restart the httpd and servercert processes. This has caused the Controller to "crash" and reboot in the past - keeping the old certificate selected. Wait until it comes back up and try applying the new certificate again following steps 3-5. It should accept the new certificate after hitting apply. Click 'Save Configuration' and refresh the browser to see if the correct certificate is applied. If not, continue by following the steps below...
On the master controller, the httpd process might not restart properly. You can tell by checking to see if the controller is still using the old cert even after a refresh and after the temporary internet files have been cleared. If so, manually run the command below from the CLI after installing the certificate to restart httpd.
a) Login as admin
b) type 'en' and ENTER
c) enter admin password and ENTER
d) type 'process restart httpd' and ENTER
e) type 'show process monitor statistics' and ENTER
f) keep running above command to watch status of restart
Now the new certificate should be applied.
Steps followed to troubleshoot the reboot issue....
Tested the certificate by applying mapping it as an IDP server certificate. After clicking apply web-server restarted and we did not see any issue.
After that - they mapped the certificate to webui authentication method and after clicking apply web-server restarted and the controller did not reboot at this time.
Upon checking the web-server profile we are able to see the certificated mapped.
Even after mapping the certificate, we see the certificate error message in the chrome browser since the controller is sending securelogin.arubanetworks.com.
Verified and confirmed the same by taking the packet captures of the client and found that controller is sending the default certificated.
After rebooting the http process in the controller. This issue is resolved and the controller is sending the appropriate certificate and we do not see the error message while accessing the controller from the browser.
Revision Date : 6/15/2017