How to import signed 3rd party digital certificate to replace the default trustpoint for HTTPS access on a WiNG controller
To import a 3rd party signed certificate to replace the default trustpoint for HTTPS access.
Removing the privacy error message received when accessing the controller via HTTPS:
Extreme Wireless WiNG controllers
Extreme Wireless WiNG APs
Cut and Paste
If you don't already have the signed certificate, start by generating an RSA key under Operations >> Certificates >> Expand RF-Domain >> Select controller >> RSA Key >> Generate Key >> Enter required information >> Ok. You should see the RSA key generated in the 'All Certificate Details' list
Generate a new CSR (Certificate Signing Request): Still on the Certificates page, click on the 'Create CSR' tab >> RSA Key: Use Existing >> Select previously generated RSA key from drop down >> Certificate Subject name: Select user configure and enter the required information >> Click on Generate CSR
Send CSR to signing authority for signing
Once you receive the signed certificate back, a .p7b files should be included. This file will include the Root CA, Subordinate CA and Server Certificate.
Once extracted, the files will have '.cer' extension. Those can now be safely opened using a text editor (Notepad ++ for example). Open both, the RootCA and SubordinateCA files and copy (combine) them into a single new file starting with subordinate cert (top) and ending with the Root cert (bottom) and save the file with a .ca extension
-----BEGIN CERTIFICATE ----- (Subordinate CA certificate string) -----END CERTIFICATE ------- -----BEGIN CERTIFICATE ----- (ROOT CA certificate string) -----END CERTIFICATE -------
Open the Server cert file, paste into a new text file and save with a .crt extension.
Should you decide to import them using the 'Cut and Paste' method proceed with these steps:
Navigate to Operations >> Certificates >> Select the controller you generated the RSA key on and select Import >> Import CA >> Enter new trustpoint name in the Trustpoint Name field >> Select Cut and Paste radio button >> Paste the subordinate and Root cert strings created earlier in the '.ca' file >> OK. You should now see the trustpoint you created in the 'Manage Certificates' Tab under 'All Certificates Details' list
Still on the same page, select Import >> Import Signed Cert >> Enter the exact same trustpoint name used when importing the Subordinate/Root string in the Trustpoint Name Field >> Cut and Paste radio button >> Paste the string from the '.crt' file >> OK.
Navigate to Configuration >> Devices >> Device Configuration >> Select controller >> Edit >> Security >> Trustpoints >> HTTPS Truspoints >> Stored >> Select the new trustpoint you created >> Ok >> Commit and Save.
In case you need to sync the trustpoint to more that one device, please follow the steps in this article: