This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

How to configure certificates in guest portal?

How to configure certificates in guest portal?

Frank_Richter
New Contributor

‎05-20-2015 11:41 AM

I want that clients which log in to the guest portal page, don't get the security warning from the browser. Is it sufficient to create a certificate at guestportal topology interface? How should be the CN name and OU name entry in the csr request file?

0 Kudos
9 REPLIES 9

Doug
Extreme Employee

‎05-20-2015 12:06 PM

For reference we can turn off the cert requirements on all portal services but that just means everything goes through the network in clear text.

http://gtacknowledge.extremenetworks.com/articles/Solution/Wireless-client-browser-displays-error-ca...

Doug Hyde
Director, Technical Support / Extreme Networks
0 Kudos

Ronald_Dvorak
Honored Contributor

‎05-20-2015 11:50 AM

Your guest clients need to trust the root certificate so for a guest network that would mean that you need to buy one from i.e. Verisign.
If you just put in one that you've generated by yourself the external guest still get the security warning as they don't trust this certificate.
0 Kudos

Doug
Extreme Employee

‎05-20-2015 11:46 AM

Hello,

Take a look at the following Knowledge Article....

http://gtacknowledge.extremenetworks.com/articles/How_To/CSR-generation-and-cert-installation-to-rep...
Doug Hyde
Director, Technical Support / Extreme Networks
0 Kudos

Frank_Richter
New Contributor
In response to Doug

‎05-20-2015 11:46 AM

Hello, now I got the certificates from the CA. See below.
- Linux (pem+cabundle)

- - cert.cabundle ---> (containing thawte DV SSL CA - G2 and thawte Primary Root CA)

- - certificate.crt ---> (containing wlandd.macrander-zertifikat.de)

- Plesk (Certificate+CACertificate)

- - cacertcertificate.crt ---> (containing thawte DV SSL CA - G2 and thawte Primary Root CA)

- - certificate.crt ---> (containing wlandd.macrander-zertifikat.de)

- Windows (pem)

- - intermediate2.crt ---> (containing thawte Primary Root CA)

- - intermediate1.crt ---> (containing thawte DV SSL CA - G2)

- - certificate.crt ---> (containing wlandd.macrander-zertifikat.de)

- Sonstige (pem)

- - root.crt ---> (containing Thawte Premium Server CA)

- - intermediate2.crt ---> (containing thawte Primary Root CA)

- - intermediate1.crt ---> (containing thawte DV SSL CA - G2)

- - certificate.crt ---> (containing wlandd.macrander-zertifikat.de)

- Sonstige (pkcs7)

- - certificate.cer ---> (containing all certificate)

which file should I install at the Guest Portal Interface?



0 Kudos

Doug
Extreme Employee
In response to Doug

‎05-20-2015 11:46 AM

Also, the CN typically will be a name that is unique to a single controller. You can use a wildcard cert that could cover multiple controllers. *..
If you do not have a wildcard cert, the common name you use should resolve to the L3 Topology IP you used on the controller to create the portal service.

For example the L3 Topology IP may be 10.1.1.1, the cert CN was Controller1.ExtremeNetworks.com, on your DNS server the users of the portal are using, you will need to add a record for Controller1 to map to IP 10.1.1.1...

Let me know if you have any questions.
Doug Hyde
Director, Technical Support / Extreme Networks
0 Kudos
Top
GTM-P2G8KFN