I have created a new certificate and can confirm it exists, but it doesn't seem to be working
(config)# show crypto pki local-certificate
Name Usage Expiration Parent / Profile
-------------------- ------------- -------------- --------------------
new-cert Web 2027/02/02 Default
But, the HTTPS interface is still unavailable. Is there some other method that must be used to bind the certificate to the HTTPS interface?
Process I followed:
crypto pki identity-profile default subject common-name "Switch-Name" org "ORG" org-unit "IT" locality "City" state "State" country "US"
crypto pki enroll-self-signed certificate-name new-cert
If I run
show crypto pki local-certificate new-cert
I can see the new certificate details and can see that it matches when I view the certificate details in a browser. But, when I run the crypto SuiteB-MinLoS 192 tls strict command it still disables the web interface.
-------------------------------------------
Original Message:
Sent: Feb 02, 2026 06:26 PM
From: ariyap
Subject: 2930M and 5400R zl2 - How do I disable TLS 1.0?
when you want to use TLS strict, it has direct impact to WebUI of the switch and also RADIUS and SNMP.
So when you enable it, i think you need to generate (self-signed) or import a certificate for the WebUI
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Feb 02, 2026 04:09 PM
From: beemer
Subject: 2930M and 5400R zl2 - How do I disable TLS 1.0?
I ran
crypto SuiteB-MinLoS 192 tls strict
But now I cannot access the HTTPS interface, and Edge shows the error that "This site does not have a certificate." I can successfully run that with a no in front to remove it and regain access.
If I run a show config after setting the command above, I can see that the following is shown:
no web-management
web-management ssl
These align with other switches that are still working where the TLS changes have not been made.
How can I run this command and still leave the certificate intact or is there something separately I have to re-run to re-enable the certificate?
Original Message:
Sent: Feb 02, 2026 02:56 PM
From: parnassus
Subject: 2930M and 5400R zl2 - How do I disable TLS 1.0?
Hi, have a look here:
Or, alternatively, look for the PDF of ArubaOS-Switch 16.x Security Guide (for switch hardening).
Original Message:
Sent: 2/2/2026 2:45:00 PM
From: beemer
Subject: 2930M and 5400R zl2 - How do I disable TLS 1.0?
We installed some new 5400R ZL2 and 2930M switches in December, all running KB/WC 16.11.0028 firmware, and our new vulnerability scan results came back showing TLS 1.0 was enabled. I have scoured the CLI documentation and can find no method to disable older TLS versions for web management.
We do not have Aruba Central on these switches, and we allow web management only through a restricted VLAN.
Is it possible to disable TLS 1.0 on these switches?
-------------------------------------------