Reset Search



How to import signed 3rd party digital certificate to replace the default trustpoint for HTTPS access on a WiNG controller

« Go Back


TitleHow to import signed 3rd party digital certificate to replace the default trustpoint for HTTPS access on a WiNG controller
  • To import a 3rd party signed certificate to replace the default trustpoint for HTTPS access.
  • Removing the privacy error message received when accessing the controller via HTTPS:
User-added image
  • Extreme Wireless WiNG controllers
  • Extreme Wireless WiNG APs
  • WiNG 5.x
  • Trustpoint
  • .p7b/.ca/.crt
  • .tar file import or Cut and Paste method
  1.  If you don't already have the signed certificate, start by generating an RSA key under Operations >> Certificates >> Expand RF-Domain >> Select  controller >> RSA Key >> Generate Key >> Enter required information >> Ok. You should see the RSA key generated in the 'All Certificate Details' list
  2. Generate a new CSR (Certificate Signing Request): Still on the Certificates page, click on the 'Create CSR' tab >> RSA Key: Use Existing >> Select previously generated RSA key from drop down >> Certificate Subject name: Select user configure and enter the required information >> Click on Generate CSR
  3. Send CSR to signing authority for signing
  4. Once you receive the signed certificate back, a .p7b files should be included. This file will include the Root CA, Subordinate CA and Server Certificate.
User-added image
  1. Extract them into Base64 (.cer) format by following these instructions:
  2. Once extracted, the files will have '.cer' extension. Those can now be safely opened using a text editor (Notepad ++ for example). Open both, the RootCA and SubordinateCA files and copy (combine) them into a single new file starting with subordinate cert (top) and ending with the Root cert (bottom) and save the file with a .ca extension
(Subordinate CA certificate string)
-----END CERTIFICATE -------
(ROOT CA certificate string)
-----END CERTIFICATE -------
  1. Open the Server cert file, paste into a new text file and save with a .crt extension. 
  2. Follow these instruction to import the trustpoint to the controller:
  3. Should you decide to import them using the 'Cut and Paste' method proceed with these steps: 
    1. Navigate to Operations >> Certificates >> Select the controller you generated the RSA key on and select Import >> Import CA >> Enter new trustpoint name in the Trustpoint Name field >> Select Cut and Paste radio button >> Paste the subordinate and Root cert strings created earlier in the '.ca' file >> OK. You should now see the trustpoint you created in the 'Manage Certificates' Tab under 'All Certificates Details' list 
User-added image
  1. Still on the same page, select Import >> Import Signed Cert >> Enter the exact same trustpoint name used when importing the Subordinate/Root string in the Trustpoint Name Field >> Cut and Paste radio button >> Paste the string from the '.crt' file >> OK.
User-added image
  1. Navigate to Configuration >> Devices >> Device Configuration >> Select controller >> Edit >> Security >> Trustpoints >> HTTPS Truspoints >> Stored >> Select the new trustpoint you created >> Ok >> Commit and Save. 
Additional notes



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255