04-07-2011 04:27 PM - edited 07-03-2021 08:03 PM
Hi All,
I've been struggling to import a certificate that we already have onto our WiSMs. I've reviewed the documentation located here: http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml But being fairly inexperienced with openssl, I've been unable to get our certificate to work, if it's even possible. We don't really want to purchase another certificate because we already have a certificate for *.domain.com in the .CRT format which is signed by a certificate authority. All of the documentation online refers to purchasing a new certificate; is this the only way I can get it to work? Since we already have a certificate for *.domain.com, I would prefer to create a new DNS entry for wifi.domain.com and link that to the virtual IP. I've tried converting the .crt to .pem with openssl but that didn't work. This is the output from the WiSM when importing the certificate:
(WiSM-slot6-1) >transfer download start
Mode............................................. TFTP
Data Type........................................ Site Cert
TFTP Server IP................................... x.x.x.x
TFTP Packet Timeout.............................. 6
TFTP Max Retries................................. 10
TFTP Path........................................ /
TFTP Filename.................................... STAR_domain_com.pem
This may take some time. Are you sure you want to start? (y/N) y
TFTP Webauth cert transfer starting.
TFTP receive complete...
Installing Certificate.
Error installing certificate.
We also have the certificate in a -bundle format if that is any help. The output from the controller isn't really that helpful; is there any way to find out more about what is wrong? Any help would be greatly appreciated.
Cheers,
Alex
04-08-2011 08:25 AM
I haven't tried it recently, but I'm afraid of this one:
CSCsy88149 Chained certificate can not have Wildcard * character in hostname
Even if bought at Verisign or any root CA, your cert has a good chance of being chained since they very often use an intermediate CA. I know wildcard certs are supported but this bug seems to say that it doesn't work for chained.
Again, I didn't verify it myself.
04-08-2011 07:48 AM
The cert type shouldn't be a site cert; it should be webauth.
Cheers,
Steve
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
04-08-2011 11:14 PM
That's unfortunate, thanks for the help anyway.
04-09-2011 08:40 PM
If this is a chain, did you put them in the correct order?
I had the same issue and the certs weren't in the proper order .. I blogged about this ..
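An added example, not part of the thread or of Cisco's documentation: because the controller's error says so little, the bundle can be checked with openssl before the transfer for the two conditions raised in the replies, certificate order and a wildcard name on a chained certificate. It assumes the expected order is the server certificate first, followed by each issuing CA in turn; the function names are made up for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Inspects a PEM bundle with openssl.
# Assumption: expected order is server certificate first, then each issuing CA.

# Split bundle $1 into cert-1.pem, cert-2.pem, ... inside directory $2.
# Prints the number of certificates found.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }
    ' "$1"
}

# Returns 0 when every certificate is immediately followed by its issuer,
# 1 when the order is wrong, 2 when the file holds no certificate.
chain_order_ok() {
    local dir n i issuer next_subject
    dir=$(mktemp -d) || return 2
    n=$(split_bundle "$1" "$dir")
    [ "$n" -ge 1 ] || { rm -rf "$dir"; return 2; }
    i=1
    while [ "$i" -lt "$n" ]; do
        # Compare name hashes so the check does not depend on how a
        # given openssl version prints distinguished names.
        issuer=$(openssl x509 -in "$dir/cert-$i.pem" -noout -issuer_hash)
        next_subject=$(openssl x509 -in "$dir/cert-$((i + 1)).pem" -noout -subject_hash)
        if [ -z "$issuer" ] || [ "$issuer" != "$next_subject" ]; then
            echo "cert $i is not issued by cert $((i + 1))" >&2
            rm -rf "$dir"; return 1
        fi
        i=$((i + 1))
    done
    rm -rf "$dir"
}

# Returns 0 when the first certificate in file $1 has a wildcard in its subject.
leaf_is_wildcard() {
    openssl x509 -in "$1" -noout -subject | grep -q '\*\.'
}
```

A bundle with more than one certificate for which `leaf_is_wildcard` also succeeds is the combination named in CSCsy88149.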