Cloud Managed Networks

  • 1.  Gateway Certificate Management in CNX

    Posted 14 days ago

    We are having issues with New Central CNX getting certificates pushed to our gateways. Specifically, we can get the Captive Portal Certificate loaded just fine but we cannot get the switch certificate loaded. We have weird results I will leave out here, but I would like to know if anyone has had success using unique switch certs on the gateways and, if so, can we chat about it. I have had a case open and SEs looking at it for several weeks now with no success. I need help please.

    (GatewayXYZ) *#show web-server profile

    Web Server Configuration
    ------------------------
    Parameter                                          Value
    ---------                                          -----
    Enable provided cipher suites                      **********************************
    SSL/TLS Protocol Config                            tlsv1.2 tlsv1.3
    Switch Certificate                                 ServerCert2026  <<<   I can't get this loaded, but the default one loads fine and the cert below for the captive portal page also loads fine here. I tried PEM and PFX certs with the same results.
    Captive Portal Certificate                         CPCert2026



  • 2.  RE: Gateway Certificate Management in CNX

    Posted 14 days ago

    I did some testing and also see strange results. Config itself is being pushed but the certificate (public/private key) is not possible in all the scenarios.

    Please ask your SE to escalate the TAC case.

    BTW, captive portal certificate is not needed with AOS10 because the APs will handle the Captive Portal authentications. Also in tunneled mode setup.



    ------------------------------
    Willem Bargeman
    Systems Engineer Aruba
    ACEX #125
    ------------------------------



  • 3.  RE: Gateway Certificate Management in CNX

    Posted 13 days ago

    I had reported issues early on. I could manually download the cert via HTTP on APs. I had mentioned something on another post that there was an issue and I was told the workflow was not fully implemented. Someone responded saying the workflow was fixed. I have not actually tested anything.

    The suggestion ERT told me a few months ago was followed. Just make sure your names are shorter than 16 (based on memory) characters or something. Have the cert loaded in classic, then do that import from classic to CNX. At that time you can then link it in the config.