Importing Certificates
Aruba allows you to import the following types of certificates into the managed device:
- CRL—A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their expiration date. A CRL provides a list of certificate serial numbers that have been revoked or are no longer valid. CRLs let the verifier check the revocation status of the presented certificate while verifying it. CRLs are limited to 512 entries.
- IntermediateCA—A public intermediate CA certificate signed by an intermediate CA. Intermediate certificates provide an additional security level: in case of a security threat, you need to revoke only the intermediate certificate for the certificates issued by that intermediate CA to become distrusted.
- OCSPSignerCert—An OCSP signer certificate signs OCSP responses for the revocation checkpoint. The OCSP signer cert can be the same trusted CA as the checkpoint, a designated OCSP signer certificate issued by the same CA as the checkpoint, or some other local trusted authority.
- OCSPResponderCert—An OCSP responder certificate provides revocation status information to Aruba applications that use OCSP as the revocation method. This certificate is used for signature verification.
- PublicCert—A certificate used to authenticate the validity of a public key. The certificate includes information about the key, identity of the owner, and the digital signature of an issuer. The public key is used for applications such as SSH that do not support X.509 certificates and require the public key to verify an allowed certificate.
- ServerCert—A server certificate signed by a trusted CA. This includes a public and private key pair. The certificate is usually issued to hostnames and domain names.
- TrustedCA—A CA certificate used to validate other server or client certificates. This includes only the public key for the certificate. The CA owns the private key and uses it to sign the certificates it issues. To validate a trusted certificate, you must first check in a CA certificate.
Certificates can be in the following formats:
- X509 PEM unencrypted
- X509 PEM encrypted with a key
- DER
- PKCS7 encrypted
- PKCS12 encrypted
You cannot export certificates from the managed device.
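The 512-entry CRL limit noted above can be checked on the administrator's workstation before a CRL is imported. The following is an added example, not Aruba code: it counts the revokedCertificates entries of a CRL supplied as DER or unencrypted PEM, following the RFC 5280 CertificateList layout. The function names are hypothetical, and the sample CRL is a constructed, unsigned skeleton used only as test data.

```python
import base64

CRL_ENTRY_LIMIT = 512  # "CRLs are limited to 512 entries" (from this page)

def read_tlv(buf, pos):  # -> (tag, content_start, content_end) of one DER element
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):  # elements directly inside buf[start:end]
    out = []
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def count_revoked(data):  # data: a CRL as DER or unencrypted PEM bytes
    if b"-----BEGIN X509 CRL-----" in data:  # strip PEM armor, decode base64
        data = base64.b64decode(b"".join(data.split(b"-----")[2].split()))
    _, s, e = read_tlv(data, 0)  # CertificateList
    _, s, e = read_tlv(data, s)  # tbsCertList
    fields = children(data, s, e)
    i = 4 if fields and fields[0][0] == 0x02 else 3  # index after thisUpdate
    if len(fields) < i or fields[i - 1][0] not in (0x17, 0x18):
        raise ValueError("not a CRL")
    if i < len(fields) and fields[i][0] in (0x17, 0x18):  # optional nextUpdate
        i += 1
    if i < len(fields) and fields[i][0] == 0x30:  # revokedCertificates
        return len(children(data, fields[i][1], fields[i][2]))
    return 0  # field absent: no revoked certificates

def within_limit(data):
    return count_revoked(data) <= CRL_ENTRY_LIMIT

def tlv(tag, content):  # minimal DER encoder, used only for the constructed sample
    n, size = len(content), (len(content).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def sample_crl(entries):  # constructed, unsigned CRL skeleton (test data only)
    utc = tlv(0x17, b"250101000000Z")
    revoked = b"".join(tlv(0x30, tlv(0x02, (256 + i).to_bytes(2, "big")) + utc)
                       for i in range(entries))
    tbs = tlv(0x02, b"\x01") + tlv(0x30, b"") * 2 + utc * 2
    tbs += tlv(0x30, revoked) if entries else b""
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

To check a real file, pass its bytes to `within_limit()` before importing it with the CRL certificate type.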
The following procedure describes how to import certificates into the managed device:
- In the node hierarchy, navigate to the tab.
- Expand the accordion.
- In the table click and configure the following parameters:
- —Enter a user-defined name.
- —Click to navigate to the appropriate file on your computer. If the certificate has to be encrypted, enter the Optional passphrase and Retype passphrase.
- —Select a format from the drop-down list.
- —Select a type from the drop-down list.
- Click .
- Click .
- In the window, select the required check-box and click .
The following CLI command imports CSR certificates:
crypto pki-import {der|pem|pfx|pkcs12|pkcs7} {CRL|IntermediateCA|OCSPSignerCert|OCSPResponderCert|PublicCert|ServerCert|TrustedCA} <name>
The following example imports a server certificate named in DER format:
crypto pki-import der ServerCert cert_20