cancel
Showing results for 
Search instead for 
Did you mean: 

How to generate certificates for 802.1x authentication for the access points? Thanks.

How to generate certificates for 802.1x authentication for the access points? Thanks.

dal
New Contributor II

How do i generate certificate requests for use in 802.1x authentication for the access points, as seen under Configuration -> Network Policy -> Additional Settings -> Secure Port Settings?

I tried to set them up with PEAP, but the radius server recieves messages where the username is set to INVALID for some reason.

So either I have to figure out what causes that, or try to use certificates, which is the way I really want to go.

 

Thanks.

1 ACCEPTED SOLUTION

samantha_lynn
Esteemed Contributor III

I'm sorry, I think there is some confusion on how these certs work. You would download the CSR from the HiveManager, import that in to your CA, your CA signs it, and should give you three things: The CA cert file (this is the intermediate and root certs concatenated together), the server cert file (this is the one the CA signs), and the key file. All you would need to do from there is import these in the the HiveManager, the HiveManager doesn't sign these again.

View solution in original post

14 REPLIES 14

samantha_lynn
Esteemed Contributor III

Can't say that I've tried with a Windows CA cert, but theoretically you should be able to export the certificate into PFX files to separate out the private key (assuming the CA template you are using allows the private key to be exported). Windows support would probably have better tips for you.

dal
New Contributor II

Great, thanks.

Then I only need to figure out how to "extract" a private key file from the sertificate that the Windows CA generates, since it seems that Hivemanager requires a separate private key file.

 

Any tips on how to do that?

 

Thanks.

samantha_lynn
Esteemed Contributor III

I'm sorry for the delay getting back to you, we have been looking in to this for you and it looks like Web server would be your best option. Technically speaking, the SSL certs are pretty much the same with the exception of the type of attributes they contain. Radius SSL certs in particular have two authentication attributes that must be included.

bruce_stahlin
Contributor III

I see, thank you for the clarification.

GTM-P2G8KFN