09-23-2016 12:33 AM
I am trying to add a public certificate to an instant cluster running 22.214.171.124-126.96.36.199_44004 and although the gui says that the upload was successful for both "auth server" and "captive portal server" types I don't see any evidence of the cert on the device. I am unable to verify if its being used by captive portal as its on a remote customer site but its certainly not being used for login to the Webui. Is there a way to verify if the cert is on the device? Do I have to do something in additiona to uploading it for it to be used?
09-26-2016 04:11 AM
TAC have replied that the order in which you append the items in the pem file is different from that of the format required by the controller. It seems the private key should be appended before the public key. The customer hasn't supplied a public key - is this something I can get hold of from the CA?
09-26-2016 03:00 PM
When uploading Choose certificate type: captive portal server.
Build your pem in this order:
Intermediate CA (if you have more than one include them all in the order your vendor says is 1st, 2nd etc...)
I did not have to include my vendors AddTrustExternalCARoot, but I did have 2 intermediates.
09-27-2016 05:21 AM
The certificate is fine the issue lies in the Instant code, here is the explanation from TAC -
"This issue has been reported internally already with the Engineering team. As per their update, they changed the SSL library in the initial codes. Hence, it could not support kinds of certificates."