This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Wireless
- ExtremeWireless (WiNG)
- Re: Wing Controller SSL Import
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Wing Controller SSL Import
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-21-2018 10:01 PM
Has anyone had any success importing SSL certificate from GoDaddy or other 3rd Party into Wing Controller?
We are able to import from a local CA but no 3rd party certs will work.
We are able to import from a local CA but no 3rd party certs will work.
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-17-2021 02:01 PM
Hi Folks,
Just wanted to mention that after an extensive troubleshooting session with the support from GTAC (Many thanks) we finally figure out what was wrong.
At the beginning I was unable to import a trustpoint until we run crypto key import trustpoint <trustpoint_name> <path> , the custom trustpoint was visible from the controller perspective (Operations → Certificates), however, to distribute the trustpoint to Wing devices you must have a tarball file imported. This part was confusing because we were expecting that no further action is required since there was a trustpoint deployed.
In addition...the tarball file I attempted to upload was messed up because .tar archive was created from a directory containing three files [.prv, .ca, .crt]
The proper way to create a .tar file is by selecting all extracted files and creating a tar archive directly from them (make sure that trustpoint name matches the file names - only file extensions are different)
Once this was done, I was able to download / sync trustpoint with controller and remote AP.
To synchronize the trustpoint, make sure that the new trustpoint is configured on the specific profiles, otherwise it won’t sync.
Usefull links :
https://extremeportal.force.com/ExtrArticleDetail?an=000082369
https://extremeportal.force.com/ExtrArticleDetail?an=000082927
https://extremeportal.force.com/ExtrArticleDetail?an=000082442
https://extremeportal.force.com/ExtrArticleDetail?an=000059384
Below you can find the commands I run to import .tar file
- to import the tarball file
file-sync load-file trustpoint xyz tftp://x.x.x.x/xyz.tar
- to check the download status
vx9000-A9B6EC>show file-sync load-file-status
Download of xyz trustpoint is complete
- to synchonize the trustpoint with Wing devices
file-sync trustpoint <trustpoint name> rf-domain XXX
- to check the sync status
show file-sync status
show file-sync history
- to check if the trustpoint exists on AP/controller etc…
show crypto pki trustpoints
show crypto pki trustpoint on <AP/Controller/RF-Domain>
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-22-2018 03:34 PM
I did and its been over a week troubleshooting with engineers. So I thought I would check here if someones actually been able to get this to work.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-22-2018 03:34 PM
Matt, I suggest to open a case with GTAC sonwe can take a look. There might be something small missing Regards, Ondrej
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-22-2018 03:34 PM
Yes. I import the whole chain. everything works fine until i get to importing the actual certificate.
The Root, Intermediates upload fine at first when creating the trust. When uploading the server cert I get an message saying that the private key doesnt match.
If I create the CSR from the controller itself, and get the certs signed, do the upload the the same way, I get a message saying that the private key isnt found in the datastore, even though the system creates it itself...
If I do from Microsoft CA, The upload works correctly as expected. Just not sure what the catch is with doing from 3rd Party CA's
The Root, Intermediates upload fine at first when creating the trust. When uploading the server cert I get an message saying that the private key doesnt match.
If I create the CSR from the controller itself, and get the certs signed, do the upload the the same way, I get a message saying that the private key isnt found in the datastore, even though the system creates it itself...
If I do from Microsoft CA, The upload works correctly as expected. Just not sure what the catch is with doing from 3rd Party CA's
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-22-2018 04:51 AM
Here's a non-mobile link to the same article 🙂
https://extremeportal.force.com/ExtrArticleDetail?n=000014936
https://extremeportal.force.com/ExtrArticleDetail?n=000014936
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-22-2018 04:51 AM
Hello Matt, Can you make sure you import the whole chain? See this article on GTAC Knowledge Base < https://gtacknowledge.extremenetworks.com/pkb_mobile#article/l:en_US/kA134000000GxFJCA0/s > Regards, Ondrej
