![]() This is what we are ultimately going to want to bring in here. So the combination of the private key and the signed public cert we saved as the mc.pfx file. And we also exported a certificate that we then did a certificate signing request from RCA. This is the exported private key that we did using open SSL commands in our command prompt. We used this to generate a private key and public key pair. Look here, this configuration of what the MC settings were. I can install the MC cert that we created earlier. After pressing enter in the browser, you submit and then do a pending changes, deploy those pending changes. With that done, we submit and with our mobility controller operating system once you submit, if you're in command line, you need a right memory. The certificate is in a pin format, and it is a trusted CA cert. There is not set the format appropriately. If there was a pass phrase, I could put that in. ![]() So let's go and open that up, it's now ready to pull that back in. Now I'm on a browser on this wired machine, I've already imported the route CA public cert here, are the certificate that I can install and there's that route CA cert. And then we can get the certificate a nice little name here and we'll just call this the same Aruba training CA and then browse to where that Cert is. But in the import certificate option, I want to go ahead and import a new certificate. This is where we have the option to import certificates, export certificates to a certificate signing request, revoke checkpoints, etcetera. Go down to configuration, go down to system and look for certificates. So to do that, we're going to connect to the controller. ![]() So it's using the same cert for this SSL connection. So that's one of the first steps we're going to do is get the certificate, authority, signature or imported. We have the one for this environment, this controller does not. My computer does not share that same certificate authority. The certificate authority that signed off on this is self signed. And if we look at the air, it actually says that the CERT is invalid. So if I refresh this and log in, this is the air message that we were seeing the very first time. There's a pop up showing us that there was a pop it originally saying this site is not secure and the reason we are re enables the warning. So logging into the controller, in fact, you can still see it here. So let me do that, I'm going to refresh this, here we go. ![]() And once I'm on my wired machine, I can close some of this out, open up a browser and navigate to the controller itself. So first things first, I'm going to open up my wired machine over here. Now, we just simply need to import that cert into the controller. We are going to install the certificate authority to the controller, and instead of generating this public private key pair certificates on the controller and then getting the public signed, we've actually already done that step in a prior lab on the wired management machine. ![]() In this particular task, we're going to do the same thing with the controller. And getting those signed by the CA or by the certificate authority. In the previous tasks, we have hardened the 63 switches and part of that hardening process included using stronger cipher algorithms and max using enabling SSH, disabling telnet, and installing the root certificate authority as well as generating certificates on the switches themselves. All right, so in this task, what we're going to do is hardened the controller. And in this task, we're going to be installing Certs. And this is the Aruba Networks Security Basics video series, part two, where we are going to jump into lab number three, where we're on the Aruba mobility controller. Hello and welcome back, my name is Tyler McMinn. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |