Security

Dear Community,

Greetings..

We have done a security audit and found one point about SSL Certificate Cannot Be Trusted on the mobility controller ip address

• A) The server's X.509 certificate cannot be trusted. If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the middle attacks against the remote host.

https://www.itu.int/rec/T-REC-X.509/en

https://en.wikipedia.org/wiki/X.509

Kindly help me to resolved this

Hi Shivam,

This query probably better belongs in the Wireless Access community group.

Aruba Mobility Controllers and other Aruba devices come with a factory or self signed certificate which in almost all cases will not be considered trusted by third party systems. You are able to change this certificate with one you have signed or have had signed by a trusted Certificate Authority. This way you can verify the certificate is trusted.

The certificate in question is likely to be the web user interface certificate (used for web UI management of the controller). It may also refer to the captive portal certificate (used for Guest network access).

You can learn more about Managing Certificates in the help guide for ArubaOS 8.11 here: https://www.arubanetworks.com/techdocs/ArubaOS_8.11.0_Web_Help/Content/arubaos-solutions/manage-utilities/manage-cert.htm?Highlight=certificate