Comware

 View Only

  • 1.  Uploading SSL certificate to 1920S

    Posted Dec 20, 2019 01:41 PM

    Hi,

    HPE OfficeConnect 1920S switches (JL381A, JL385A), firmware PD.02.11.
    We want to upload SSL certificate generated by our Windows AD CA:

    Setup Network > Get Connected | HTTPS Connection
    Download Certificate
    File Type: SSL DH Strong Enryption Parameter PEM File
    File: dhparam.pem
    Status: Transfer complete

    Download Certificate
    File Type: SSL Server Certificate PEM File
    File: certificate.pem (private key + signed certificate)
    Status: Transfer complete

    But after this we can see certificate is not uploaded/usable:

    Setup Network > Get Connected | HTTPS Connection
    Certificate Status: Absent

    We switched logging to debug level but there is no record to log regarding certificates at all.

    When I try SSL Trusted Root Certificate PEM File (some documentation claims it is not certificate for CA, but server certificate signed by CA), it ends with an error:

    Download Certificate
    File Type: SSL Trusted Root Certificate PEM File
    File: certificate.pem (private key + signed certificate + CA public key; same result without public key)
    Status: Transfer failed

    Is there an issue with firmware?
    Where we can report this (I have some other issues to report)?

    --
    rga_cz



  • 2.  RE: Uploading SSL certificate to 1920S

    Posted Aug 12, 2020 02:04 PM

    I faced the same problem on my unit and solved it. The user manuals says this:

    SSL Trusted Root Certificate PEM File:
    A PEM-encoded SSL certificate that has been digitally signed by a certificate authority.

    SSL Server Certificate PEM File:
    A PEM-encoded SSL certificate that has been signed by another server.

    However, the text in the user manual makes no sense. It seems to me that the translator or writer had no idea how these settings work.

    You need to upload the certificate with SSL Trusted Root Certificate PEM File and then afterwards the private key with SSL Server Certificate PEM File and it will finally work.

    I think HPE should rename "SSL Trusted Root Certificate PEM File" to "SSL Certificate PEM File" and "SSL Server Certificate PEM File" to "SSL Server Private Key PEM File" to make it clear.

    I could not get it to work with certificate chains though, only with the leaf certificate itself.



Related Content