Security

Hi everyone,

We have a server certfiicate installed on our controllers that is going to be expiring soon.  Today we've been using the same certificate on every controller we spin up since they all point to our CPPM for the captive portal redirect. 

Question I have is, how do I go about creating the CSR to generate a new certificate?  From what I understand, if I generate the CSR on one controller, I can only install the certficate I receive on that one controller and not the others.  Is that correct?  If that is indeed true, how have we been able to install the same, older certficate on brand new controllers we've recently setup?  And what options do we have for creating the CSR then? 

You'll need to create the CSR + Private Key on a 3rd party server since when you create a CSR on a Controller you cannot extract the private key. You should consider creating the certificate using OpenSSL or similar to allow you to obtain the private key and install on each Controller. I suspect the existing certificate which is installed on your controller has the private key chained within the cert.

Thanks for the info guys.  I have followed the openssl method for creating the CSR and private key on a separate system.  The existing, older certificate is a .pem file so you're right that it likely has the private key embedded in it for it to work across all of our controllers.

Cheers!

This ASE solution may help to get the CSR done with OpenSSL.