How to configure certificates in guest portal?


I want clients who log in to the guest portal page not to get the security warning from the browser. Is it sufficient to create a certificate at the guest portal topology interface? What should the CN and OU entries in the CSR request file be?

8 replies

Userlevel 7
Hello,

Take a look at the following Knowledge Article....

http://gtacknowledge.extremenetworks.com/articles/How_To/CSR-generation-and-cert-installation-to-replace-expiring-certificates



Userlevel 7
Also, the CN typically will be a name that is unique to a single controller. You can use a wildcard cert that could cover multiple controllers. *..
If you do not have a wildcard cert, the common name you use should resolve to the L3 Topology IP you used on the controller to create the portal service.

For example, if the L3 Topology IP is 10.1.1.1 and the cert CN is Controller1.ExtremeNetworks.com, then on the DNS server the users of the portal are using you will need to add a record for Controller1 that maps to IP 10.1.1.1...

Let me know if you have any questions.
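
The naming rule from the reply above, as an added example that is not part of the original thread and not Extreme Networks code: the portal hostname must be covered by a name in the certificate (exactly, or by a wildcard in the left-most label only) and must resolve to the L3 Topology IP. The function names, the `dns_records` dictionary standing in for the guests' DNS server, and the `example.com` names in the docstring are assumptions made for illustration.

```python
import ipaddress

def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate name with the hostname the browser requested.

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label: *.example.com covers c1.example.com, but neither
    example.com nor a.b.example.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least *.domain.tld; refuse something like *.com
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h

def check_portal(cert_names, portal_host, dns_records, topology_ip):
    """Return a list of problems; an empty list means name and DNS line up.

    cert_names  -- names taken from the certificate (CN and any SAN entries)
    dns_records -- constructed stand-in for the DNS the guests use,
                   {lower-case hostname: IP string}
    """
    problems = []
    if not any(name_matches(n, portal_host) for n in cert_names):
        problems.append("no certificate name covers " + portal_host)
    resolved = dns_records.get(portal_host.lower().rstrip("."))
    if resolved is None:
        problems.append(portal_host + " has no DNS record")
    elif ipaddress.ip_address(resolved) != ipaddress.ip_address(topology_ip):
        problems.append(portal_host + " resolves to " + resolved
                        + ", not the topology IP " + topology_ip)
    return problems

if __name__ == "__main__":
    # Values from the example in the reply above; the DNS table is constructed.
    names = ["Controller1.ExtremeNetworks.com"]
    dns = {"controller1.extremenetworks.com": "10.1.1.1"}
    print(check_portal(names, "controller1.extremenetworks.com", dns, "10.1.1.1"))
```
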

Hello, now I got the certificates from the CA. See below.

- Linux (pem+cabundle)
  - cert.cabundle ---> (containing thawte DV SSL CA - G2 and thawte Primary Root CA)
  - certificate.crt ---> (containing wlandd.macrander-zertifikat.de)
- Plesk (Certificate+CACertificate)
  - cacertcertificate.crt ---> (containing thawte DV SSL CA - G2 and thawte Primary Root CA)
  - certificate.crt ---> (containing wlandd.macrander-zertifikat.de)
- Windows (pem)
  - intermediate2.crt ---> (containing thawte Primary Root CA)
  - intermediate1.crt ---> (containing thawte DV SSL CA - G2)
  - certificate.crt ---> (containing wlandd.macrander-zertifikat.de)
- Other (pem)
  - root.crt ---> (containing Thawte Premium Server CA)
  - intermediate2.crt ---> (containing thawte Primary Root CA)
  - intermediate1.crt ---> (containing thawte DV SSL CA - G2)
  - certificate.crt ---> (containing wlandd.macrander-zertifikat.de)
- Other (pkcs7)
  - certificate.cer ---> (containing all certificates)

Which file should I install at the Guest Portal Interface?

Userlevel 7
Your guest clients need to trust the root certificate, so for a guest network that would mean that you need to buy one from e.g. Verisign.
If you just put in one that you've generated yourself, external guests will still get the security warning, as they don't trust this certificate.
Userlevel 7
For reference we can turn off the cert requirements on all portal services but that just means everything goes through the network in clear text.

http://gtacknowledge.extremenetworks.com/articles/Solution/Wireless-client-browser-displays-error-captive-portal-data-file-does-not-exist
Thanks for the fast response. I suspected the controller sends a validation request to the CA with the public IP address, and that it is important that the DNS name resolves to the IP address used on the Internet. The certificate will be from "thawte" and so should be accepted by all common browsers.
Hi Frank,
which file did you install?
Does it work now?

And which option?


Br,

Mario
