CSR generation and SSL certificate installation to IdentiFi Wireless controller
Title: CSR generation and SSL certificate installation to IdentiFi Wireless controller
Objective: What is the process to generate a certificate request (CSR) and install to the IdentiFi Wireless controller?
Environment: IdentiFi Wireless Captive portal
Procedure:
1. Download and install OpenSSL-Win32 here: https://slproweb.com/download/Win64OpenSSL-1_1_1g.exe then install 2. Run the command from in an elevated dos prompt (Run As Administrator):
cd \OpenSSl-Win32\bin
openssl req –new –nodes –newkey rsa:2048 –keyout myserver.key –out server.csr -config openssl.cfg
Example output fields:
Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:NH Locality Name (eg, city) []:Salem Organization Name (eg, company) [Internet Widgits Pty Ltd]:Extreme Networks Organizational Unit Name (eg, section) []:IT-DEPT Common Name (e.g. server FQDN or YOUR name) []:controller1.extremenetworks.com Email Address []:domain@extremenetworks.com
Please enter the following 'extra' attributes
to be sent with your certificate request A challenge password []:password123 An optional company name []: 3. Fill out the fields for the certificate request including the common name, which is the DNS record hostname of the interface this will be applied to.
4. Send the CSR to the Certificate Authority (CA) that you are purchasing the certificate from, and choose “Apache” as your web server.
5. The CA will send you back a certificate file that is chained to their Root CA certificate. Usually the CA has both a Root and Intermediate certificate that is in the cert path.
6. They can usually be downloaded together but on occasion may need to be combined.
7. If you open up the certificates, you can verify that the certificate path of the Root/Intermediate certificate matches the path of the CA signed certificate.
8. When you have the certificate and the Root CA bundle, navigate to:
9. VNS > Topologies > Certificates > Select correct topology > “Replace/Install selected Topology’s certificate and key from separate files”
Browse to the correct files and enter the private key password if generated during CSR process.
Files uploaded:
First file is the topology certificate (created by the CA)
Private key file that was created in OpenSSL process
Root/Intermediate CA certificate. This states it is optional, but the cert will not be trusted if
this is not uploaded.
10. After the certificate is installed, it should show the new date and also a “Yes” indicating it is a CA certificate.
Additional notes: refer to pages 68-74
http://documentation.extremenetworks.com/wireless/9035046_wireless_integration_guide.pdf
If the Controller > Network > Topologies is used to apply the cert instead of VNS > Topologies, the following error will appear:
Failed to save configuration: Interface(s) update failed: VLAN ID conflict