You can generate a certificate signing request either with an Elliptic curve (EC) key, or with a Rivest-Shamir-Aldeman (RSA) key. Length of the private/public key for ECDSA. This is applicable only if CSR Type is ec. Length of the private/public key for RSA. This is applicable only if CSR. The private key also decrypts a message that was encrypted with the public key of the sender. And certificate, and sends it back to the AMP AirWave Management Platform. AMP is a network management system for configuring, monitoring, and upgrading wired and wireless devices on your network. When the CSR is created via the ClearPass portal, this will be more easy and the private key will only remain within the ClearPass server. (until you would do a PKCS12 export). Create a CRS on a linux system, I use my NanoPi for this. OpenSSL can also be run on a windows system but isn’t installed by default. The certificate includes a private key. A passphrase protects this key. You specify the passphrase during export or creation of the certificate. Enter the passphrase as well. Without the passphrase, the controller is not able to get the private key and cannot use the certificate. Select the “Certificate format” and the “Certificate type”.
Licenses are platform independent and can be installed on any controller. Installation of the feature license unlocks that feature’s functionality for the maximum capacity of the controller. Table 1 lists the license types and describes how licenses are consumed on the controllers.
License | Usage Basis | What Consumes One License |
AP | AP | An AP license is required for each operational LAN-connected, mesh, or remote AP that is advertising at least one BSSID (virtual-AP). |
ACR | Client Session | This license enables ArubaOS Advanced Cryptography (ACR) features. A license is required for each active client termination using Suite-B algorithms or protocols. |
PEF | AP | One operational AP using one or more Policy Enforcement Firewall (PEF) features, such as intelligent application identification, policy-based traffic management and controls, or stateful user firewalls. NOTE: The PEF license was called PEF-NG in some previous versions of ArubaOS. |
PEFV | Controller | The PEFV license allows a network administrator to apply firewall policies to clients using a VPN to connect to the controller. This license is mandatory for the Aruba VIA VPN client, but optional for all other VPN clients. The PEFV license is purchased as a single license that enables the functionality up to the full user capacity of the controller. |
RFprotect | AP | An RFProtect (RFP) license is required for each operational AP using one or more RF Protect features, such as spectrum analysis and Wireless Intrusion Protection (WIP). |
VMC | AP | In ArubaOS 8.0.0.0, the VMC license is a non-sharable license required to install ArubaOS as a controller on a VM. |
WebCC | AP | The Web Content Classification (WebCC) license is a subscription-based, per-AP license that supports Web content classification features on an AP for the duration of the subscription period (up to 10 years per license. |
Sharable vs Controller-Specific Licenses
Many licenses are consumed on a per-AP, or per-user basis, and are not unique to any specific hardware device. These sharable license types can be assigned to a licensing pool and used by any device within a group of managed devices. A non-sharable licenses is generated using a controller serial number, and can only be used by the individual controller for which it was generated. Both sharable and non-sharable licenses are installed using Mobility Master, allowing network administrators with root-level access to remotely add licenses to any licensing pool or managed devices on the network. For more information on adding a license to a remote managed device, see Adding a License in a Mobility Master Deployment.
Sharable via a Licensing Pool | Controller-Specific License |
|---|---|
AP | PEFV |
ACR | |
PEF | |
RF Protect | |
xSec | |
VMC | |
WebCC |
Evaluation vs Permanent Licenses
Each license can be either an evaluation or permanent license. A permanent license permanently enables the desired software module on a specific Arubacontroller. You obtain permanent licenses through the sales order process only. Permanent software license keys are sent to you via email.
Aruba Airwave Doesn't Generate Private Keys
An evaluation license allows you to evaluate the unrestricted functionality of a software module on a specific controller for 90 days (in three 30-day increments). Evaluation licenses are added to Mobility Master and made sharable within a licensing pool. An expired evaluation license will remain in the license database until the controller is reset using the command write erase all, where all license keys are removed. An expired evaluation license has no impact on the normal operation of the controller, but it is kept in the license database to prevent abuse.
To determine your remaining time on an evaluation license, select the Alert flag ()in the WebUI titlebar. The WebUI displays information about evaluation license status. When an evaluation period expires:
| | The controller automatically backs up the startup configuration and reboots itself at midnight (according to the system clock). |
| | All permanent licenses are unaffected. The expired evaluation license feature is no longer available and is displayed as Expired in the WebUI. |
Perpetual vs Subscription Licenses
A perpetual license is a purchased license that has no end date; once installed, it does not expire. Most purchased licenses are perpetual licenses. The Web Content and Classification (WebCC) license is a subscription license that enables WebCC features only for the duration of the subscription (1,3,5,7 or 10 years). The subscription time period starts from the time license key is generated from the licensing Web site. Thirty days before the license period expires, an alert appears in the banner in the Mobility Master WebUI, warning the user that the license is ready to expire. After the license expiration date is passed, the license continues to operate as an active license for an extended grace period of 120 days. After this final grace period elapses, the license permanently expires.
Subscription licenses cannot be renewed. Once a license subscription expires, a new license subscription key must be generated and installed on Mobility Master. |
Creating a web server certificate request is very easy when using a Windows CA server. There is one disadvantage. The requested certificate is directly stored in the user store (by default) or the local computer store, if specified during the request. The disadvantage is that you cannot export the requested certificate including the private keys. During the request the option to Mark keys as exportable is grayed out.
There is a way to mark the keys as exportable when using a Windows CA server. You need to create a new Web Server Certificate template. You can use the existing Web Server Certificate Template as default and copy the current settings. To do so, you just:
Aruba Airwave Doesn't Generate Private Key Bitcoin
- run certtmpl.msc, which will open the Certificate Template snap-in;
- click the Web Server certificate template;
- choose Action – Duplicate Template;
- configure a unique template name;
- choose the tab Request Handling;
- enable the option Allow private key to be exported;
Aruba Airwave Doesnt Generate Private Keyboard
That is all you need to do. You can now request a new certificate with the newly create certificate template. After the certificate is issued and installed on the user or local computer store, you can export the certificate including the private key.
The following two tabs change content below.Aruba Airwave Doesn't Generate Private Key From Address
- ClearPass, Azure AD, SSO and Object ID - August 12, 2021
- ClearPass – custom MPSK - July 20, 2021
- Getting your AOS-CX switch in Central - November 4, 2020