Aruba certificates upload by Ulises Cázares

 Hi, in this post i'll write about uploanding certificates in order to use them as the captive portal cert of management cert in different aruba solutions.

 

Clearpass

1.- Clearpass accepts diferent formats to upload the certificates into it

  • PEM(offline).- You will need the certificate in 1 file and the private key in another file.
    • Note.- If the private key is not encrypted just write anything in the password field since it's required. If the private Key is encrypted you will need that password to import it

 

  • PEM(online).-You will need the certificate in 1 file and set the upload method as: Upload Certificate Use Saved Private Key

 

  • PFX.- You will need the PFX file and the export password use to create the PFX

 Note.- For either option you will need to enable or upload the Root CA Certificate in Clearpass Trust List selecting Usage as "Others" before trying to upload the cert.


 

2.- You can export the certificates already stored in Clearpass as PFX and you'll need to provide a password of your chosing to do it. 

 

Mobility Controller and Mobility Conductor (v8)

1.- The mobility controller wil accept most certificate's types but it is recomenden to use the PEM option and using the server cert as type.

  • PEM(offline).- You will need to create the PEM file in the correct order to upload it (Cert, PrivateKey, Intermediate CA, Root CA) and type the private key password if you have set any if not leave it blank the passphrase field.

 

  • PEM(online).-You will need the certificatefile and type the private key password if you have set any if not leave it blank the passphrase field.


 

Offline means that you have created the CSR outside the solution/box and you have the Private Key file

Online means that you have created the CSR inside the solution/box and you don't have the Private Key file since it's not exported

 

 

Hope this helps

 

    Comments

    Post a Comment

    Popular posts from this blog

    Aruba Clearpass - How to configure the Cisco WLC for Guest and MAC Caching by Ulises Cázares

    Image
     Hi this is a step by step on how to configure an SSID in a functional Cisco WLC (8.10)  for Guest Authentication and MAC Caching using Aruba Clearpass General Steps (this guide assumes you have correctly configured the Clearpass side) Create an Authentication Server (The secret is the same as the one configured in Clearpass) Create an Accounting Server (The secret is the same as the one configured in Clearpass) Configure the WebAuth login Page (use the configured guets login page in Clearpass) Make sure the Web Auth Certificate points to the virtual IP in the WLC Create the FlexConnect Access List (or IPV4) Make sure WebAuth SecureWeb is enable Configure the SSID with the appropiate settings   1.- Create an Authentication Server 2.- Create an Accounting Server  3.- Configure the WebAuth login Page (in this example is; guest.demo-clearpass.net/cisco_login.php)  Note.- In order to avoid the security warnings in the conencting devices, install the appropiate certificate in Clearpass wit
    Read more

    Using API in ArubaOS Switches with Postman by Ulises Cázares

    Image
     Hi, today I'm gonna show how to interact with the Aruba OS version 16.10 switches API using postman. My intention is that you know how to construct the request using headers, parameters and the body of the request. The first things to start working with the switch API are: to have administrative access to the device and to make sure of the switch version so you can look for the appropiate document. Remember, APIs can change form version to version.  You can use the command: show version. In my case is 16.10 Then you can make a quick search in google like "Aruba switch 16.10 API" to get the document and find out what are the option provided in the API. In the document you will find examples using curl and that's why i'm writting this in postman, so you have options. Now, let's do 4 thing so you can use the API: Make sure the REST interface is enable or enable it Login to the device API Construct a GET request Construct a POST request  Make sure the REST inter
    Read more

    WiFi - How to know supported channels by a wireless client by Ulises Cázares

    Image
     Hi, in this post I would tell you how to be sure which WiFi channels are supported by a wireless client so we can configure wireless solutions that will work with the endpoints in the environment. I normally approach this topic in 2 ways 1. Directly in the wireless client This one is the obvious option but, in my experience, the majority of wireless clients don't show that in any part of the configuration. Because wireless clients are very different and their configurations menus too there's no way to show a "common" path to see the supported channels(if the wireless client shows them)   2.- Use a wireless adapter in monitor mode and wireshark to see an Association Request paquet from the client. In the following images we'll see where in the association request we can see that information.    The fastest way to do it is to follow these steps: Put the wireless adapatar in monitor mode in the AP channel we'are going to connect the wireless client Open wireshar
    Read more