Manage Certificates
Certificates provide a secure way of authenticating devices and eliminate the need for less secure password-based authentication. Certificate-based authentication uses digital certificates to identify a user or device before granting access to a network or application.
Server certificates and the digital certificates issued by a Certificate Authority (CA) validate the identities of servers and clients. For example, when a client connects to a server for the first time, or for the first time since its previous certificate expired or was revoked, the server requests that the client transmit its authentication certificate and verifies it. Clients can also request and verify the authentication certificate of the server.
To avoid server certificate validation errors, ensure that the certificate includes the following Subject Alternative Names (SANs):
- apigw-<FQDN>
- central-<FQDN>
- ccs-user-api-<FQDN>
- sso-<FQDN>
If you are using your own Public Key Infrastructure (PKI) to issue certificates, then you must adhere to the following:
- The chain length of the certificates should be greater than 3.
- The leaf certificate should have basic constraints declared, for example, CA:FALSE.
- Online Certificate Status Protocol (OCSP) server stapling is mandatory.
- The hash algorithm should be stronger than SHA-1 for FIPS-enabled Aruba Central On-Premises setups.
- The end-entity certificate must have its extended properties, such as TLS web server authentication or TLS client authentication, declared.
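As an added example (not from the Aruba documentation), the following POSIX shell script uses the openssl CLI to generate a throwaway self-signed leaf certificate carrying the SANs, basic constraints and TLS extended key usage described above for a constructed FQDN, and then checks a PEM file against those requirements plus the SHA-1 rule. The FQDN `central.example.test` is a placeholder; chain length and OCSP stapling depend on the issuing CA and the running server, so they are not checked here.

```shell
#!/bin/sh
# Requires the openssl CLI. FQDN below is a constructed placeholder.
FQDN="central.example.test"
WORK="$(mktemp -d)"

# Generate a throwaway key and a self-signed leaf certificate with the SANs,
# EKU and basic constraints the page requires. Self-signed only to stay
# offline; in production the CSR is submitted to your CA instead.
gen_cert() {
  cat > "$WORK/leaf.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_leaf
prompt = no
[dn]
CN = central-$FQDN
[v3_leaf]
basicConstraints = critical, CA:FALSE
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:apigw-$FQDN, DNS:central-$FQDN, DNS:ccs-user-api-$FQDN, DNS:sso-$FQDN
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.pem" \
    -config "$WORK/leaf.cnf" >/dev/null 2>&1
}

# check_cert <pem>: prints "ok" and returns 0 only if every checked
# requirement holds; otherwise prints the first failure and returns 1.
check_cert() {
  text="$(openssl x509 -in "$1" -noout -text)"
  for host in apigw central ccs-user-api sso; do
    printf '%s\n' "$text" | grep -q "DNS:$host-$FQDN" \
      || { echo "missing SAN $host-$FQDN"; return 1; }
  done
  printf '%s\n' "$text" | grep -q 'CA:FALSE' \
    || { echo "basicConstraints CA:FALSE not declared"; return 1; }
  printf '%s\n' "$text" | grep -Eq 'TLS Web (Server|Client) Authentication' \
    || { echo "no TLS server/client authentication EKU declared"; return 1; }
  # SHA-1 (or MD5) signatures fail the FIPS hash requirement.
  printf '%s\n' "$text" | grep 'Signature Algorithm' | grep -Eiq 'sha1|md5' \
    && { echo "weak signature hash"; return 1; }
  echo "ok"
}
```

Run `gen_cert` once and then `check_cert "$WORK/leaf.pem"`, or point `check_cert` at a certificate issued by your own PKI.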
This topic includes the following sections: