I wanted to do a sanity check of the steps below. Are they right? The WLC is taking my certificate, but it is not working. I am using a wildcard certificate.
EDIT: This is actually for the guest portal....sorry
- run openssl from the Mac. All output goes to /usr/<user>
- req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem -config openssl.cnf
- screen presents options for state/city/org/etc
- myreq.pem and mykey.pem are output
- go to https://<ca-server>/certsrv and insert contents of myreq.pem into the form and set to “webserver”
- output Base64 and download certificate CHAIN
- output file will be certnew.p7b by default
- .p7b must be converted
- pkcs7 -print_certs -in certnew.p7b -out certnew.pem
- the output certificate needs to be converted one more time
- pkcs12 -export -in certnew.pem -inkey mykey.pem -out certnew.p12 -clcerts -passin pass:check123 -passout pass:check123
- the next command outputs the final cert for TFTP to WLC
- pkcs12 -in certnew.p12 -out final.pem -passin pass:check123 -passout pass:check123
- move final.pem to TFTP working directory.
- on WLC upload the file, and set the password to the password configured in the last openssl command.
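
The steps above run end to end, as an added example that is not part of the original post. A throwaway local CA stands in for the certsrv form (an assumption, as are the names `Demo CA` and `*.example.test`), and the helper functions then check what ends up in final.pem: how many certificates it holds and whether the private key pairs with the first one.

```shell
#!/bin/sh
# Added example (not from the original post). A throwaway local CA stands in for
# https://<ca-server>/certsrv; "Demo CA" and *.example.test are constructed names.
set -eu
PASS=check123   # password used in the post's pkcs12 steps

build_bundle() (   # $1 = empty work directory; leaves final.pem there
  cd "$1"
  # Stand-in for the CA web form (assumption): a self-signed CA signs the CSR.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
    -subj "/CN=Demo CA" -days 2 2>/dev/null
  # Post's CSR step, with the subject given inline instead of the prompts.
  openssl req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem \
    -subj "/CN=*.example.test" 2>/dev/null
  openssl x509 -req -in myreq.pem -CA ca.pem -CAkey ca.key -CAcreateserial \
    -out leaf.pem -days 1 2>/dev/null
  # Equivalent of downloading the Base64 certificate chain as certnew.p7b.
  openssl crl2pkcs7 -nocrl -certfile leaf.pem -certfile ca.pem -out certnew.p7b
  # Conversion steps exactly as listed in the post.
  openssl pkcs7 -print_certs -in certnew.p7b -out certnew.pem
  openssl pkcs12 -export -in certnew.pem -inkey mykey.pem -out certnew.p12 \
    -clcerts -passin pass:$PASS -passout pass:$PASS 2>/dev/null
  openssl pkcs12 -in certnew.p12 -out final.pem \
    -passin pass:$PASS -passout pass:$PASS 2>/dev/null
)

# Number of certificates in the bundle (1 = leaf only, more = chain included).
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# Subject of the first certificate in the file.
first_cert_subject() { openssl x509 -in "$1" -noout -subject; }

# Exit 0 only when the (encrypted) private key pairs with the first certificate.
key_matches_first_cert() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$1" -passin "pass:$PASS" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

work=$(mktemp -d)
build_bundle "$work"
echo "certificates in final.pem: $(count_certs "$work/final.pem")"
first_cert_subject "$work/final.pem"
key_matches_first_cert "$work/final.pem" && echo "private key matches first certificate"
```

The three check functions take any PEM bundle path, so they can be pointed at a real final.pem before it is moved to the TFTP directory.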