1. Log in to the Extreme Wireless Appliance using an account that has full administrative (read-write) privileges.
2. Select “Topology” from the left-hand menu.
3. Select the “Certificates” tab.
4. Select the interface for which the certificate should be installed. In this example the certificate is for the controller's management interface (“admin”).
- If the certificate and key are already in a single file, select “Replace/Install selected Topology's certificate and key from a single file”. Otherwise select “Replace/Install selected Topology's certificate and key from separate files”. In this example the server certificate and private key are in separate files. Use the “Browse” button beside each field to open the standard “File” dialog and locate each of the required files.
- To upload a CA certificate chain file provided by the certificate vendor (example: gd_bundle.crt) to the appliance, use the “Browse” button to open the standard “File” dialog and select the file. Note that you can also upload the CA certificate chain when the server certificate and private key are in the same file.
- When all the certificate- and key-related fields are filled in, click the “Save” button at the bottom of the form. It may take a while to process the submission because several files have to be uploaded to the appliance.
- If the server certificate is used to secure one of the controller's internal captive portals, one more step is required to ensure that end users do not experience certificate warnings. The server portion of a URL must match either the Subject Alternative Name or Common Name fields in the certificate securing the web site. This rule applies to the URL that the controller sends to users' browsers to redirect them to its captive portal. You configure that redirection URL on the “Settings” dialog reachable from the “Auth & Acct” tab of the WLAN Service section of the VNS module.
- The field named “Replace Gateway IP with FQDN” should be updated to match the Common Name or Subject Alternative Name in the certificate that secures the captive portal's interface. If the certificate is a wildcard certificate, the name entered in the “Replace Gateway IP with FQDN” field must be one that matches the pattern in the Common Name field. It must not be the actual wildcard common name (example: *.mydomainname.com). The Common Name in the certificate securing the website could be either:
- *.mydomainname.com (wildcard)
- portal.mydomainname.com (non-wildcard)
- The “Replace Gateway IP with FQDN” field is also available in the guest portal configuration screen and the guest splash screen configuration page. If the Common Name or Subject Alternative Name in the certificate is the IP address of the captive portal's interface, then this step can be skipped.
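
The name-matching rule for the “Replace Gateway IP with FQDN” value can be checked before the value is entered. The following is an added example, not part of the original procedure or of the appliance's software: the function names and sample name lists are constructed, the certificate's Common Name and Subject Alternative Name entries are assumed to have been read from the certificate beforehand, and the wildcard is assumed to stand for exactly one leftmost label.

```python
import ipaddress

# Added illustration: function names and sample values are constructed,
# not taken from the appliance or its documentation.

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_matches(cert_name, host):
    """True if one certificate name (CN or SAN entry) covers host."""
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if _is_ip(cert_name) or _is_ip(host):
        return cert_name == host          # IP addresses only match exactly
    c_labels, h_labels = cert_name.split("."), host.split(".")
    if c_labels[0] != "*":
        return c_labels == h_labels       # non-wildcard name: exact match
    # Wildcard: stands for exactly one non-empty leftmost label, so it covers
    # neither the bare domain nor names nested more than one level deep.
    return (len(c_labels) >= 3 and len(c_labels) == len(h_labels)
            and h_labels[0] not in ("", "*") and c_labels[1:] == h_labels[1:])

def check_portal_fqdn(fqdn, cert_names):
    """Return (ok, reason) for a proposed 'Replace Gateway IP with FQDN' value."""
    if "*" in fqdn:
        return False, "enter a concrete host name, not the wildcard name itself"
    for name in cert_names:
        if name_matches(name, fqdn):
            return True, "covered by certificate name " + name
    return False, "no Common Name or Subject Alternative Name covers this host"

if __name__ == "__main__":
    wildcard_cert = ["*.mydomainname.com"]          # constructed sample
    for candidate in ("portal.mydomainname.com", "*.mydomainname.com",
                      "mydomainname.com", "guest.portal.mydomainname.com"):
        print(candidate, check_portal_fqdn(candidate, wildcard_cert))
```

A value that fails this check would cause the browser certificate warning the step above is meant to prevent.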