Importing a Server Certificate

When you import the server certificate, you are provided with three upload options:

Upload Certificate and Use Saved Private Key: This option allows the admin to upload only the certificate. The server certificate is then matched against the private key saved on the Policy Manager server.

Upload PKCS#12 Certificate (.pfx or .p12 only): With this option, the admin uploads the PKCS#12 file and provides a passphrase.

Upload Certificate and Private Key Files: The admin can choose to upload the private key file and password along with the server certificate file.

To import a server certificate into the current Policy Manager server:

1. Navigate to Administration > Certificates > Certificate Store.

2. Click the Import Certificate link. The Import Certificate dialog opens.

3. Click the Certificate Type menu and select Server Certificate.

Figure 1  Import Server Certificate Dialog

 

For security reasons, certificates signed using SHA1RSA are not recommended. Importing certificates signed with stronger keys, such as RSA with a length of more than 1024 bits, is recommended.

Policy Manager does not support importing the HTTPS Server Certificate chain or RADIUS/EAP Server Certificate chain in P7b Base64 format. A P7B file contains only certificates and chain certificates (intermediate certificate authorities), not the private key.

4. Specify the Import Certificate parameters as described in the following table:

Table 1: Import Server Certificate Parameters

Parameter: Action/Description

Certificate Type: Select Server Certificate (selected by default).

Server: Select the name of the Policy Manager server that the server certificate will be imported into.

  NOTE: When importing a certificate to a subscriber node from the publisher, in the Server field, select the subscriber node.

Type: Select one of the following server certificate types:

  RADIUS/EAP Server Certificate

  HTTPS Server Certificate

  RadSec Server Certificate

Upload Method: Select one of the following methods to upload the certificate:

  Upload Certificate and Use Saved Private Key: This option allows the administrator to upload only the certificate. The certificate is then matched against the private key saved on the Policy Manager server.

  Upload PKCS#12 Certificate (.pfx or .p12 only): With this option, the administrator uploads the PKCS#12 file and provides a passphrase. For cluster deployments, this is the cluster password.

  Upload Certificate and Private Key Files: The administrator can choose to upload the private key file and password along with the certificate file.

Certificate File: Browse to the certificate file to be imported.

  NOTE: Both certificates with a wild card as the common name and Extended Validation certificates are not recommended for use as the RADIUS/EAP server certificate. Some clients may be unable to authenticate when these types of certificates are used.

5. Click Import.
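
The recommendations on this page (no SHA-1 signature, an RSA key longer than 1024 bits, no wildcard common name for RADIUS/EAP, no Base64 P7B file, and a certificate that matches its private key) can be checked before the upload. The script below is an added example and not part of the Policy Manager documentation; it assumes the openssl command-line tool and PEM input, and the function names, finding labels and sample host names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-import checks for a PEM certificate (needs the openssl CLI).
# Prints one finding label per line; prints nothing when every check passes.
precheck_cert() {
    cert=$1; key=${2:-}
    # A Base64 P7B chain is not accepted for HTTPS or RADIUS/EAP imports.
    if grep -q 'BEGIN PKCS7' "$cert"; then echo "P7B_FORMAT"; return 0; fi
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) ||
        { echo "UNREADABLE_CERT"; return 0; }
    # SHA-1 signatures are not recommended.
    if printf '%s\n' "$text" | grep -m1 'Signature Algorithm:' | grep -qi 'sha1'; then
        echo "SHA1_SIGNATURE"
    fi
    # RSA keys should be longer than 1024 bits.
    if printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption'; then
        bits=$(printf '%s\n' "$text" |
            sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
        [ "${bits:-0}" -gt 1024 ] || echo "RSA_KEY_TOO_SHORT"
    fi
    # A wildcard common name is not recommended for RADIUS/EAP.
    subj=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253)
    case $subj in *CN=\*.*) echo "WILDCARD_CN" ;; esac
    # With a key file, the certificate's public key must match it.
    # Assumes an unencrypted key; add -passin for a protected one.
    if [ -n "$key" ]; then
        cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
        key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
        [ "$cert_pub" = "$key_pub" ] || echo "KEY_MISMATCH"
    fi
}

# Constructed sample input: throwaway self-signed certificates.
gen() {  # gen <dir> <name> <common name>
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}
make_samples() {
    gen "$1" good 'cppm.example.test'
    gen "$1" wild '*.example.test'
    printf '%s\n' '-----BEGIN PKCS7-----' > "$1/chain.p7b"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "good cert, good key:" $(precheck_cert "$demo_dir/good.pem" "$demo_dir/good.key")
echo "wildcard cert, other key:" $(precheck_cert "$demo_dir/wild.pem" "$demo_dir/good.key")
echo "P7B file:" $(precheck_cert "$demo_dir/chain.p7b")
rm -rf "$demo_dir"
```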