Configuring Certificate Authentication for WebUI Access
The managed device supports client certificate authentication for users accessing the WebUI. (The default is for username and password authentication.) You can use client certificate authentication only or client certificate authentication with username and password (if certificate authentication fails, the user can log in with a configured username and password).
Each managed device can support a maximum of ten management users.
To use client certificate authentication, you must do the following:
- Obtain a client certificate and import the certificate into the managed device. Obtaining and importing a client certificate is described in Managing Certificates.
- Configure certificate authentication for WebUI management. You can optionally also select username and password authentication.
- Configure a user with a management role. Specify the client certificate for authentication of the user.
The following procedure describes how to configure certificate authentication:
- In the node hierarchy, navigate to the tab and expand the accordion.
- Under , set to . You can select as well; in this case, the user is prompted to manually enter the username and password only if the client certificate is invalid.
- Select the to be used for this service.
By default, the certificate is used as the server certificate. For more details on certificate, see Managing Certificates.
- Click .
- Click .
- In the window, select the check box and click .
- To configure the management user, navigate to the tab and expand the accordion.
- Select as needed.
- Click and click +.
- Select .
- Enter the username.
- Select the user role assigned to the user upon validation of the client certificate.
Starting from ArubaOS 8.1.0.0, a new management role, role, is supported. This role has root privileges but cannot make changes to the management users.
- Enter the serial number for the client certificate.
- Select the name of the CA (Certificate Authority) that issued the client certificate.
- Click .
- Click .
- In the window, select the check box and click .
The following CLI commands configure certificate authentication:
(host) [md] (config) #web-server profile
(host) [md] (Web Server Configuration) #mgmt-auth certificate
(host) [md] (Web Server Configuration) #switch-cert <certificate>
(host) [md] (Web Server Configuration) #!
(host) [md] (config) #mgmt-user webui-cacert <certificate-name> serial <number> <username> <rolename>
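
Added example (not part of the original documentation): a shell helper that reads the serial number and issuer from a client certificate with the openssl CLI, checks that the certificate has not expired, and fills in the mgmt-user template above. The function names and the sample values lab-ca, admin1 and root are constructed for illustration, and it is an assumption that the device accepts the serial in the hexadecimal form openssl prints; compare it with the serial shown for the certificate on the device.

```shell
#!/bin/sh
# Added example: gather the values the mgmt-user command needs from a client
# certificate (PEM). Requires the openssl CLI. All names here are hypothetical.

# Print the certificate serial number as openssl reports it (hex, e.g. 1A2B3C).
# Assumption: the device expects the serial in this hexadecimal form.
cert_serial() {
    openssl x509 -in "$1" -noout -serial | sed 's/^serial=//'
}

# Print the issuer DN, to confirm which imported CA certificate to name.
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//'
}

# Succeed only if the certificate is still valid N days from now (default 30).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null
}

# Fill in the page's command template:
#   mgmt-user webui-cacert <certificate-name> serial <number> <username> <rolename>
# $1 = client cert (PEM), $2 = CA certificate name on the device,
# $3 = username, $4 = management role
mgmt_user_line() {
    cert_valid_for "$1" 0 || { echo "certificate expired: $1" >&2; return 1; }
    printf 'mgmt-user webui-cacert %s serial %s %s %s\n' \
        "$2" "$(cert_serial "$1")" "$3" "$4"
}

# Build a throwaway self-signed certificate with a known serial (constructed
# sample input for trying the functions above; not a real client certificate).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/CN=admin1" -days 2 -set_serial 0x1A2B3C 2>/dev/null
}
```

Call `mgmt_user_line client.pem <ca-name> <username> <rolename>` and paste the printed line at the `(config) #` prompt; `cert_issuer client.pem` shows which CA issued the certificate.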