Reset Search
 

 

Article

How to import digital certificate to WiNG controller

« Go Back

Information

 
TitleHow to import digital certificate to WiNG controller
Objective
Importing signed certificate and its respective issuer / root certificate controller reports error or private key mismatch.
Environment
  • All Summit WM3000 Series Controllers
  • ExtremeWiNG Controllers
  • WirelessWiNG Controllers
  • ExtremeWiNG Access Points
  • WirelessWiNG Acess Points
  • WiNG 5 Software
  • CSR based certificate with valid private key
Procedure

First of all prepare all certificates in Base-64 form and merging all into one text file (chained certificate file) in reverse order

-----BEGIN CERTIFICATE -----
(Signed server certificate)
-----END CERTIFICATE -------

 
-----BEGIN CERTIFICATE -----
(Intermediate CA certificate 1)
-----END CERTIFICATE -------
-----BEGIN CERTIFICATE -----
(Intermediate CA certificate 2)
-----END CERTIFICATE -------
-----BEGIN CERTIFICATE -----
(Root CA certificate)
-----END CERTIFICATE -------
Navigate to Operations - Certificates - Select device you want to import certificates to and select Import - Import CA
 
User-added image
 
Once done, import signed server certificate in same manner. Please not that trustpoint name MUST MATCH
 
User-added image
 
The certificate should be now imported successfully.

Other method is to use general Import via FTP / TFTP
Each file in the FTP folder must have exactly the same filename, only file extension will differ:
 
1. Private Key with .prv extension (not necessary if you have it on controller already)
 
-----BEGIN PRIVATE KEY----- 
(Your Private Key DECRYPTED) 
-----END PRIVATE KEY------- 
 
2. CA chained certificate in a hierarchy with .ca extension: 
 
-----BEGIN CERTIFICATE ----- 
(Intermediate CA certificate 1) 
-----END CERTIFICATE ------- 
-----BEGIN CERTIFICATE ----- 
(Intermediate CA certificate 2) 
-----END CERTIFICATE ------- 
-----BEGIN CERTIFICATE ----- 
(Root CA certificate)
-----END CERTIFICATE ------- 
 
3. Signed Server Certificate with .crt extension: 
 
-----BEGIN CERTIFICATE ----- 
(Signed server certificate) 
-----END CERTIFICATE ------- 
 
4. Certificate Revocation List with .crl extension

-----BEGIN CERTIFICATE ----- 
(CRL list in Base64 form) 
-----END CERTIFICATE ------- 
Then initiate general Import from same tab as mentioned above
 
User-added image

 
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255