How to configure certificates in guest portal?

  • Question
  • Updated 2 years ago
  • Answered
I want clients that log in to the guest portal page not to get the security warning from the browser. Is it sufficient to create a certificate at the guest portal topology interface? What should the CN and OU entries in the CSR request file be?

Frank Richter


Posted 3 years ago


Doug Hyde, Technical Support Manager

Also, the CN typically will be a name that is unique to a single controller. You can use a wildcard cert that could cover multiple controllers: *.<domain name>.
If you do not have a wildcard cert, the common name you use should resolve to the L3 Topology IP you used on the controller to create the portal service.

For example, the L3 Topology IP may be 10.1.1.1 and the cert CN Controller1.ExtremeNetworks.com; on the DNS server the users of the portal are using, you will need to add a record for Controller1 to map to IP 10.1.1.1.

Let me know if you have any questions.
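
A check of the two conditions described in the answer above (a certificate name must cover the portal host name, and that host name must resolve to the L3 Topology IP), added here as an example; it is not part of the original thread or of any Extreme Networks tool. The function names and the in-memory DNS table are assumptions for illustration, and the wildcard rule applied is the usual one: `*` is the whole left-most label and stands for exactly one label.

```python
import ipaddress


def name_covers(cert_name: str, host: str) -> bool:
    """True if one certificate name (CN or SAN dNSName) covers `host`.

    A '*' counts only as the entire left-most label and stands for exactly
    one label, so *.example.com covers a.example.com but neither
    example.com nor a.b.example.com.
    """
    pat = cert_name.lower().rstrip(".").split(".")
    labels = host.lower().rstrip(".").split(".")
    if len(pat) != len(labels) or "" in labels:
        return False
    if pat[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        return len(pat) >= 3 and pat[1:] == labels[1:]
    return pat == labels


def portal_cert_problems(cert_names, portal_host, dns_records, topology_ip):
    """Return the reasons a guest browser would warn or not reach the portal."""
    problems = []
    if not any(name_covers(n, portal_host) for n in cert_names):
        problems.append(f"no certificate name covers {portal_host}")
    resolved = dns_records.get(portal_host.lower().rstrip("."))
    if resolved is None:
        problems.append(f"no DNS record for {portal_host}")
    elif ipaddress.ip_address(resolved) != ipaddress.ip_address(topology_ip):
        problems.append(f"{portal_host} resolves to {resolved}, not {topology_ip}")
    return problems


# Constructed sample data, using the name and address from the answer above.
DNS = {"controller1.extremenetworks.com": "10.1.1.1"}

if __name__ == "__main__":
    cases = [
        (["Controller1.ExtremeNetworks.com"], "controller1.extremenetworks.com"),
        (["*.ExtremeNetworks.com"], "controller1.extremenetworks.com"),
        (["*.ExtremeNetworks.com"], "portal.wlan.extremenetworks.com"),
    ]
    for names, host in cases:
        print(host, names, portal_cert_problems(names, host, DNS, "10.1.1.1") or "OK")
```
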



 

Frank Richter

Hello, now I got the certificates from the CA. See below.

- Linux (pem+cabundle)
  - cert.cabundle ---> (containing thawte DV SSL CA - G2 and thawte Primary Root CA)
  - certificate.crt ---> (containing wlandd.macrander-zertifikat.de)
- Plesk (Certificate+CACertificate)
  - cacertcertificate.crt ---> (containing thawte DV SSL CA - G2 and thawte Primary Root CA)
  - certificate.crt ---> (containing wlandd.macrander-zertifikat.de)
- Windows (pem)
  - intermediate2.crt ---> (containing thawte Primary Root CA)
  - intermediate1.crt ---> (containing thawte DV SSL CA - G2)
  - certificate.crt ---> (containing wlandd.macrander-zertifikat.de)
- Other (pem)
  - root.crt ---> (containing Thawte Premium Server CA)
  - intermediate2.crt ---> (containing thawte Primary Root CA)
  - intermediate1.crt ---> (containing thawte DV SSL CA - G2)
  - certificate.crt ---> (containing wlandd.macrander-zertifikat.de)
- Other (pkcs7)
  - certificate.cer ---> (containing all certificates)

Which file should I install at the Guest Portal Interface?


Ronald Dvorak, Embassador

Your guest clients need to trust the root certificate, so for a guest network that would mean that you need to buy one from e.g. Verisign.
If you just put in one that you've generated yourself, the external guests still get the security warning as they don't trust this certificate.

Doug Hyde, Technical Support Manager

For reference, we can turn off the cert requirements on all portal services, but that just means everything goes through the network in clear text.

http://gtacknowledge.extremenetworks.com/articles/Solution/Wireless-client-browser-displays-error-captive-portal-data-file-does-not-exist  

Frank Richter

Thanks for the fast response. I suspected the controller sends a validation request to the CA with the public IP address, and that it is important that the DNS name resolves to the IP address used on the Internet. The certificate will be from "thawte" and so should be accepted by all common browsers.

MN

Hi Frank,
which file did you install?
Does this work now?

And which option?


Br,

Mario