Wireless Access

Reply
Frequent Contributor II
Posts: 125
Registered: ‎11-06-2007

Installing server certificate and all the intermediate chain for CA Authorities

I post this message here to know if is it possible to install in a 6000 controller a server certificate which can include all the intermediate CA Authorities, I mean I have requested a certified for my controller, but this certificate is not issued by Root CA, there are some intermediate CA and I want to know if is it possible to install the complete chain so when a user go to the captive portal the message " certificate not valid" wount show due to not having some intermediate CA installer in his/her browser.

Frequent Contributor II
Posts: 118
Registered: ‎02-10-2011

Re: Installing server certificate and all the intermediate chain for CA Authorities

It sounds like you know how to obtain a public server cert already (CSR, PEM format, etc).  Once you have that, you can take the server cert and then append the intermediate cert to the bottom of the file. Then take that entire file and add it to your controller.  That will give you the server and intermediate certs in one file.

 

You upload the file as a PEM format and Server Cert certificate type.  Once uploaded you can edit your captive portal, web administration and dot1x authentication settings to reference the new cert.

 

Thanks,

 

Ian

Frequent Contributor II
Posts: 125
Registered: ‎11-06-2007

Re: Installing server certificate and all the intermediate chain for CA Authorities

Sorry, but I have tried it, appened the intermediate CA certificates at the end of the cert file and at the beginning too, but the controllers always says " Error Uploading Certificate: Error in cert format".

 

Any other suggestion,  am I doing something bad?

 

MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: Installing server certificate and all the intermediate chain for CA Authorities

which other settings do you use when importing, please show a screenshot or list them all.

Frequent Contributor II
Posts: 125
Registered: ‎11-06-2007

Re: Installing server certificate and all the intermediate chain for CA Authorities

OK, let's clarify things a bit more,

 

I have a server certificate (wifielche_umh_es.crt) issued by a CA in response to CSR from my 6000 controller,

The complete certificate chain is:

AddTrustExternalCARoot ->UTNAddTrustServer_CA->TERENASSLCA->wifielche_umh_es, so what I'm trying to do is open my certificate wifielche_umh_es.crt and append at the begining the sequence UTNAddTrustServer_CA->TERENASSLCA->wifielche_umh_es (see wifi_elche jpg). (Three BEGIN-END sequences)

 

Then, I try to import the certificate into the controller and I get the error.

 

Frequent Contributor II
Posts: 125
Registered: ‎11-06-2007

Re: Installing server certificate and all the intermediate chain for CA Authorities

OK, let's clarify things a bit more,

 

I have a server certificate (wifielche_umh_es.crt) issued by a CA in response to CSR from my 6000 controller,

The complete certificate chain is:

AddTrustExternalCARoot ->UTNAddTrustServer_CA->TERENASSLCA->wifielche_umh_es, so what I'm trying to do is open my certificate wifielche_umh_es.crt and append at the begining the sequence UTNAddTrustServer_CA->TERENASSLCA->wifielche_umh_es (see wifi_elche jpg). (Three BEGIN-END sequences)

 

Then, I try to import the certificate into the controller and I get the error.

 

MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: Installing server certificate and all the intermediate chain for CA Authorities

don't have a controller around to test myself, but have you tried putting the ----BEGIN---- / ----- END ---- lines on seperate lines instead of on the same line as shown? can you import the certificate itself, so without chain, fine?

Frequent Contributor II
Posts: 125
Registered: ‎11-06-2007

Re: Installing server certificate and all the intermediate chain for CA Authorities

Hello,

 

I have tried putting BEGIN--END in different lines with the complete chain:

 

AddTrustExternalCARoot ->UTNAddTrustServer_CA->TERENASSLCA->wifielche_umh_es   but unsuccessfully.

 

Putting only the certificate wifielche.umh.es is OK.

 

 

MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: Installing server certificate and all the intermediate chain for CA Authorities

[ Edited ]

i don't believe you ever want to do: AddTrustExternalCARoot ->UTNAddTrustServer_CA->TERENASSLCA->wifielche_umh_es, so <CA>-<int-CA>-<int-CA>-<cert> either as CA or cert.

 

but you might want to do <int-CA>-<int-CA>-<cert> and import this as a cert, with format PEM, so not as a CA with format PK7. could you try that?

 

oh and you probably need the certificate and key for your actual cert.

Frequent Contributor II
Posts: 125
Registered: ‎11-06-2007

Re: Installing server certificate and all the intermediate chain for CA Authorities

Sorry for including the CA root,

 

Now I have tried with UTNAddTrustServer_CA->TERENASSLCA->wifielche_umh_es, and I have tried to import it as PEM but I get the error in "uploading2.jpg", please, note that I have tried to import it as PEM and ServerCert "uploading1.jpg".

Search Airheads
Showing results for 
Search instead for 
Did you mean: