Aruba Airwave Doesn't Generate Private Key
If you have an Aruba account, they sent out a notice... Below is a portion of the email I received.
The AirWave Wireless Management Suite from Aruba delivers operational efficiency for teams managing rapidly changing networks and supporting mobile users who connect via the wireless LAN as well as wired Ethernet ports. With its easy-to-use interface and user-centric approach, AirWave lets your service desk triage connectivity issues while your valuable network engineering staff focuses on. A private key should never be sent to another party. It is private. If this is the first time you are using public keys, we recommend the page Public keys in SSH. Generate public/private keypair. To use public key authentication, the client from which you are connecting needs to have a public/private keypair. To generate a keypair using Bitvise.
SUMMARY
The ArubaOS operating system loaded on all Aruba Mobility Controllers and Mobility Access Switches contains a pre-loaded digital certificate with the name “securelogin.arubanetworks.com”. As is stated in the user guide, and multiple customer advisories and Airheads Community postings, the default certificate is not intended for production deployment since every Aruba controller or switch contains the same certificate. Aruba has always recommended customers to replace this default certificate with a certificate issued by a public Certificate Authority or by an internal (PKI) Certificate Authority.
Aruba Airwave Doesn't Generate Private Key For Pfx
While a majority of security conscious customers have taken our advice seriously and replaced the default certificate, Aruba is aware that there are still other customers that are using the default certificate in the production networks typically for Administrative WebUI, securing the Captive Portal login screen in guest networks and for dot1x authentication with EAP termination enable.
Aruba Airwave Doesn't Generate Private Key Blockchain
This default certificate (securelogin.arubanetworks.com) was issued by a GeoTrust certificate authority (CA) that is trusted by most browsers and operating systems. However, in light of the following articles, http://www.itnews.com.au/news/aruba-products-contain-compromised-https-certificate-436511 and http://www.darkreading.com/vulnerabilities---threats/cryptographic-key-reuse-remains-widespread-in-embedded-products/d/d-id/1326826, securelogin.arubanetworks.com has been revoked