Help
Wireless Controller
Dedicated Wi-Fi control and management for high density and mobility
gkaur
Staff
Staff

Created on ‎01-06-2016 01:05 AM

Article Id 198241

Meru Technical Note - Configuring a Third party certificate on the controller

Description

Configuring a Third party certificate on the controller.


Scope
KB Article Type: Configuration

RELATED PRODUCTS: controller

RELATED SOFTWARE VERSIONS: N/A

KEYWORDS: controller, third party, certificate


Solution

CONFIGURATION STEPS:

Step 1: Click on Configuration > Certificate Management > Server Certificates > Click on the ADD button.

Step 2: Under “Certificate Add” fill in the following fields

  •  Choose the radio button named “Create Certificate Signing Request (CSR) to be signed by a CA”.
  • Fill “Certificate Alias” text box with a name (Name can be of 1-31 alphanumeric characters)
  • Enter the private key password (Make a note of this key).
  • Enter the validity text box for which the certificate has to be valid.

Step 3: Under Distinguished Name(DN), enter the following fields

  •  Common Name - This is a Fully Qualified Domain Name (FQDN) of the controller. The FQDN should be resolved by the wireless clients connecting to the captive port SSID. (ex.: The wireless clients connecting to the SSID with captive portal should be able to resolve the FQDN of the controller).
  • Organization Unit Name
  • Organization Name
  • Locality Name
  • State Name
  • Country Code
  • E-mail Address.

Step 4: Now export/save the CSR file as alias_name.csr in the desktop.

Step 5: Send this CSR file to the third party CA (any) and request for a standard SSL certificate. In the certificate, the server option can be either “Standard SSL” or “others”

Step 6: The certificates we receive from the third party CA are filename.cer (Server certificate) and filename.p7b (Trusted chain root certificate).

Step 7: Click on Configuration>Certificate Management>Trusted Root CA and import the third party Root certificate which is of .p7b format.

Step 8: Click on the Configuration>Certificate Management>Server Certificate>Pending CSR button > Highlight alias_name.csr click on import and then browse for the server certificate file which is of .cer format.

Step 9: Once you choose it, you will have an option to choose “Used by” which is for captive portal or Web GUI. Hold control key and click on both options to enable the certificate to use both.


NOTE :

1. Certificate implementation is available only from 3.5 code onwards.

2. Only a standard SSL certificate is supported, not Wildcard certificates.

3. Ensure the trust root certificate is of .p7b format; it would be a chain.

4. The following screenshot shows the chain and the intermediate certificate. If an Intermediate certificate is required for trusted root CA, then it needs to be imported as well.


Labels:
3067
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.