Reset Search



CSR generation and SSL certificate installation to IdentiFi Wireless controller

« Go Back


TitleCSR generation and SSL certificate installation to IdentiFi Wireless controller
What is the process to generate a certificate request (CSR) and install to the IdentiFi Wireless controller?
  • IdentiFi Wireless
  • ​Captive portal
     1.  Download and install OpenSSL-Win32 here: then install
     2.  Run the command from in an elevated dos prompt (Run As Administrator):
cd \OpenSSl-Win32\bin
openssl req –new –nodes –newkey rsa:2048 –keyout myserver.key –out server.csr -config openssl.cfg

Example output fields:
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:NH
Locality Name (eg, city) []:Salem
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Extreme Networks
Organizational Unit Name (eg, section) []:IT-DEPT
Common Name (e.g. server FQDN or YOUR name) []
Email Address []
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password123
An optional company name []:

     3.  ​Fill out the fields for the certificate request including the common name, which is the DNS record hostname of the interface this will be applied to. 

     4.  Send the CSR to the Certificate Authority (CA) that you are purchasing the certificate from, and choose “Apache” as your web server. 

     5.  The CA will send you back a certificate file that is chained to their Root CA certificate.  Usually the CA has both a Root and Intermediate certificate that is in the cert path.

     6.  They can usually be downloaded together but on occasion may need to be combined. 

     7.  If you open up the certificates, you can verify that the certificate path of the Root/Intermediate certificate matches the path of the CA signed certificate. 

     8.  When you have the certificate and the Root CA bundle, navigate to:

     9.  VNS > Topologies > Certificates > Select correct topology > “Replace/Install selected Topology’s certificate and key from separate files”

          Browse to the correct files and enter the private key password if generated during CSR process. 
          Files uploaded:

  • First file is the topology certificate (created by the CA)
  • Private key file that was created in OpenSSL process
  • Root/Intermediate CA certificate.  This states it is optional, but the cert will not be trusted if this is not uploaded.  
     10.  After the certificate is installed, it should show the new date and also a “Yes” indicating it is a CA certificate.  
Additional notes
refer to pages 68-74

If the Controller > Network > Topologies is used to apply the cert instead of VNS > Topologies, the following error will appear:
Failed to save configuration: Interface(s) update failed: VLAN ID conflict




Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255