By default, Aruba Central includes a self-signed certificate that is available on the Certificates page. The default certificate is not signed by a root certificate authority (CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.). For devices to validate and authorize Aruba Central, administrators must upload a valid certificate signed by a root CA.

Aruba devices use digital certificates A digital certificate is an electronic document that uses a digital signature to bind a public key with an identity—information such as the name of a person or an organization, address, and so forth. for authenticating a client's access to user-centric network services. Most devices such as controllers and Instant APs include a server certificate by default for captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. server authentication. However, Aruba recommends that you replace the default certificate with a custom certificate issued for your site or domain by a trusted CA. Certificates can be stored locally on the devices and used for validating device or user identity during authentication.

Aruba Central-managed devices such as Instant AP and switches support the following root CA certificates:

Instant APs


  • AddTrust
  • GeoTrust
  • VeriSign
  • Go Daddy
  • Comodo
  • GeoTrust