Reset Search
 

 

Article

How to import signed 3rd party digital certificate to replace the default trustpoint for HTTPS access on a WiNG controller

« Go Back

Information

 
TitleHow to import signed 3rd party digital certificate to replace the default trustpoint for HTTPS access on a WiNG controller
Objective
  • To import a 3rd party signed certificate to replace the default trustpoint for HTTPS access.
  • Removing the privacy error message received when accessing the controller via HTTPS:
User-added image
Environment
  • Extreme Wireless WiNG controllers
  • Extreme Wireless WiNG APs
  • WiNG 5.x
  • HTTPS
  • Trustpoint
  • RSA/CSR
  • .p7b/.c/.crt
  • Cut and Paste
Procedure
  1.  If you don't already have the signed certificate, start by generating an RSA key under Operations >> Certificates >> Expand RF-Domain >> Select  controller >> RSA Key >> Generate Key >> Enter required information >> Ok. You should see the RSA key generated in the 'All Certificate Details' list
  2. Generate a new CSR (Certificate Signing Request): Still on the Certificates page, click on the 'Create CSR' tab >> RSA Key: Use Existing >> Select previously generated RSA key from drop down >> Certificate Subject name: Select user configure and enter the required information >> Click on Generate CSR
  3. Send CSR to signing authority for signing
  4. Once you receive the signed certificate back, a .p7b files should be included. This file will include the Root CA, Subordinate CA and Server Certificate.
Example:
User-added image
  1. Extract them into Base64 (.cer) format by following these instructions: https://wiki.scn.sap.com/wiki/display/Security/Best+Practice+-+How+to+convert+certificates+from+a+.p7b+file+to+Base64+%28.cer%29+format
  2. Once extracted, the files will have '.cer' extension. Those can now be safely opened using a text editor (Notepad ++ for example). Open both, the RootCA and SubordinateCA files and copy (combine) them into a single new file starting with subordinate cert (top) and ending with the Root cert (bottom) and save the file with a .ca extension
-----BEGIN CERTIFICATE -----
(Subordinate CA certificate string)
-----END CERTIFICATE -------
-----BEGIN CERTIFICATE -----
(ROOT CA certificate string)
-----END CERTIFICATE -------
  1. Open the Server cert file, paste into a new text file and save with a .crt extension. 
  2. Follow these instruction to import the trustpoint to the controller: https://extremenetworks2com.sharepoint.com/:b:/s/kcs/EZdImSMXuSxInAIuTI-y4LIB8eu2NuEE9iLHyElZZ7Yi2A
  3. Should you decide to import them using the 'Cut and Paste' method proceed with these steps: 
    1. Navigate to Operations >> Certificates >> Select the controller you generated the RSA key on and select Import >> Import CA >> Enter new trustpoint name in the Trustpoint Name field >> Select Cut and Paste radio button >> Paste the subordinate and Root cert strings created earlier in the '.ca' file >> OK. You should now see the trustpoint you created in the 'Manage Certificates' Tab under 'All Certificates Details' list 
User-added image
  1. Still on the same page, select Import >> Import Signed Cert >> Enter the exact same trustpoint name used when importing the Subordinate/Root string in the Trustpoint Name Field >> Cut and Paste radio button >> Paste the string from the '.crt' file >> OK.
User-added image
  1. Navigate to Configuration >> Devices >> Device Configuration >> Select controller >> Edit >> Security >> Trustpoints >> HTTPS Truspoints >> Stored >> Select the new trustpoint you created >> Ok >> Commit and Save. 
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255