Uploading SSL certificate to 1920S

rga_cz · ‎12-20-2019

Hi,

HPE OfficeConnect 1920S switches (JL381A, JL385A), firmware PD.02.11.
We want to upload SSL certificate generated by our Windows AD CA:

Setup Network > Get Connected | HTTPS Connection
Download Certificate
File Type: SSL DH Strong Enryption Parameter PEM File
File: dhparam.pem
Status: Transfer complete

Download Certificate
File Type: SSL Server Certificate PEM File
File: certificate.pem (private key + signed certificate)
Status: Transfer complete

But after this we can see certificate is not uploaded/usable:

Setup Network > Get Connected | HTTPS Connection
Certificate Status: Absent

We switched logging to debug level but there is no record to log regarding certificates at all.

When I try SSL Trusted Root Certificate PEM File (some documentation claims it is not certificate for CA, but server certificate signed by CA), it ends with an error:

Download Certificate
File Type: SSL Trusted Root Certificate PEM File
File: certificate.pem (private key + signed certificate + CA public key; same result without public key)
Status: Transfer failed

Is there an issue with firmware?
Where we can report this (I have some other issues to report)?

--
rga_cz

jnsp · ‎08-12-2020

I faced the same problem on my unit and solved it. The user manuals says this:

SSL Trusted Root Certificate PEM File:
A PEM-encoded SSL certificate that has been digitally signed by a certificate authority.
SSL Server Certificate PEM File:
A PEM-encoded SSL certificate that has been signed by another server.

However, the text in the user manual makes no sense. It seems to me that the translator or writer had no idea how these settings work.

You need to upload the certificate with SSL Trusted Root Certificate PEM File and then afterwards the private key with SSL Server Certificate PEM File and it will finally work.

I think HPE should rename "SSL Trusted Root Certificate PEM File" to "SSL Certificate PEM File" and "SSL Server Certificate PEM File" to "SSL Server Private Key PEM File" to make it clear.

I could not get it to work with certificate chains though, only with the leaf certificate itself.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Uploading SSL certificate to 1920S

Uploading SSL certificate to 1920S

Re: Uploading SSL certificate to 1920S