Computer and IT knowledge - things to know
HPE Aruba central - how to add a crypto pki ta-profile using multiedit
1) create a test root CA
1.1) create a private key for the CA: openssl genrsa -out myTestCA.key 2048
1.2) generate the root certificate: openssl req -x509 -new -nodes -key myTestCA.key -sha256 -days 99 -out myTestCA.pem
-> fill in some test info / Country Name
2) no we have a new root certificate, it looks like:
cat myTestCA.pem
-----BEGIN CERTIFICATE-----
MIIDgDCCAmigAwIBAgITE8nlWhXSPIsS6vmJkKjxIP1YUDANBgkqhkiG9w0BAQsF
ADBQMQswCQYDVQQGEwJERTELMAkGA1UECAwCQlcxETAPBgNVBAcMCFRlc3RjaXR5
MSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMjIwNTAyMTE1
OTQ1WhcNMjIwODA5MTE1OTQ1WjBQMQswCQYDVQQGEwJERTELMAkGA1UECAwCQlcx
ETAPBgNVBAcMCFRlc3RjaXR5MSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDafJAlr09QH8p
KJPopa0wSLkqJaO9/u//Fnpdsq+1NOrOsmJNba+pBdtWY0lZW/VQviWW124RUxfr
w1JxEW8GkiER7HTgtIjKsxI9DXnqwEaZwj4Tw0GaBi5VPbsrcWGJt2JDVVYbUdpy
CpI5IzPYBdJUKuGbtaSnfWHEK5Gn6Kn2VvSEZl7Bs4gFgbj42+Hzt+qp3VXgYOYt
WdWwDC4/Wr1uBPXqdtAgSiyoa1MHjCEV/sI9+ButKirgnK/+PacMse8MBDabBMIf
wp+LFeOR77i8DEkIfk1TsKgPl3WgLkedDWr46KaKCyXsP8tRO/ksg7ouUWpjHb7W
ZZ65M5SBAgMBAAGjUzBRMB0GA1UdDgQWBBRA1EhOVnu5V5j4CI26jQrJaf3P6TAf
BgNVHSMEGDAWgBRA1EhOVnu5V5j4CI26jQrJaf3P6TAPBgNVHRMBAf8EBTADAQH/
MA0GCSqGSIb3DQEBCwUAA4IBAQCv1Ur5rX+/vSsxHcWxMaGp3E1gyiVHxl48aGCk
XYNPq0oqjzAnhvI2DGAoSbQDu51VxHUsm+KJM2hRf7P7YWrxZZmoKa5Q7GX8OZ0P
Vi/p7NC59GqFplInTTE7ZHwX5zdC65JH3vl3s/E6Fj3QyvYsaYdaeL/OQA7mter3
Q3g8ixrXZ7BmxRObs5e0Fk9MIOVoueVUvXGdfvq+FAzjJxkjW/HrWo+YT+6NX2JP
oJzMvf27mTK3ZYNb0kK9hrXyUHTyh5kZRtovAM/VVEO0g5r7XS9glFKTRMtxDmBW
PGVww3w17yU5amZtAkYFs7pZvlDP+15v4cYazCg3VaU1VQ+U
-----END CERTIFICATE-----
3) to insert the certificate using multiedit, you need to paste (oopy the whole section once!!!) the PEM certificate including "END_OF_CERTIFICATE" on a new line at the end followed by a CR/LF, so it looks like:
crypto pki ta-profile myTestCA
ta-certificate
-----BEGIN CERTIFICATE-----
MIIDgDCCAmigAwIBAgITE8nlWhXSPIsS6vmJkKjxIP1YUDANBgkqhkiG9w0BAQsF
ADBQMQswCQYDVQQGEwJERTELMAkGA1UECAwCQlcxETAPBgNVBAcMCFRlc3RjaXR5
MSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMjIwNTAyMTE1
OTQ1WhcNMjIwODA5MTE1OTQ1WjBQMQswCQYDVQQGEwJERTELMAkGA1UECAwCQlcx
ETAPBgNVBAcMCFRlc3RjaXR5MSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0
eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDafJAlr09QH8p
KJPopa0wSLkqJaO9/u//Fnpdsq+1NOrOsmJNba+pBdtWY0lZW/VQviWW124RUxfr
w1JxEW8GkiER7HTgtIjKsxI9DXnqwEaZwj4Tw0GaBi5VPbsrcWGJt2JDVVYbUdpy
CpI5IzPYBdJUKuGbtaSnfWHEK5Gn6Kn2VvSEZl7Bs4gFgbj42+Hzt+qp3VXgYOYt
WdWwDC4/Wr1uBPXqdtAgSiyoa1MHjCEV/sI9+ButKirgnK/+PacMse8MBDabBMIf
wp+LFeOR77i8DEkIfk1TsKgPl3WgLkedDWr46KaKCyXsP8tRO/ksg7ouUWpjHb7W
ZZ65M5SBAgMBAAGjUzBRMB0GA1UdDgQWBBRA1EhOVnu5V5j4CI26jQrJaf3P6TAf
BgNVHSMEGDAWgBRA1EhOVnu5V5j4CI26jQrJaf3P6TAPBgNVHRMBAf8EBTADAQH/
MA0GCSqGSIb3DQEBCwUAA4IBAQCv1Ur5rX+/vSsxHcWxMaGp3E1gyiVHxl48aGCk
XYNPq0oqjzAnhvI2DGAoSbQDu51VxHUsm+KJM2hRf7P7YWrxZZmoKa5Q7GX8OZ0P
Vi/p7NC59GqFplInTTE7ZHwX5zdC65JH3vl3s/E6Fj3QyvYsaYdaeL/OQA7mter3
Q3g8ixrXZ7BmxRObs5e0Fk9MIOVoueVUvXGdfvq+FAzjJxkjW/HrWo+YT+6NX2JP
oJzMvf27mTK3ZYNb0kK9hrXyUHTyh5kZRtovAM/VVEO0g5r7XS9glFKTRMtxDmBW
PGVww3w17yU5amZtAkYFs7pZvlDP+15v4cYazCg3VaU1VQ+U
-----END CERTIFICATE-----
END_OF_CERTIFICATE.
4) check on switch (it talkes a while to sync from cloud)
6100# show crypto pki ta-profile
TA Profile Name TA Certificate Revocation Check
-------------------------------- -------------------- ----------------
myTestCA Installed, valid disabled
computer2know :: thank you for your visit :: have a nice day :: © 2024