WLAN Controller E-MSM720: Certificate problem
WLAN Controller E-MSM720: Certificate problem
(OP)
Hello
My company is going to use wireless at som branches and just bought a WLAN Controller E-MSM720, and 2 APs for wireless testing.
The WLAN Controller and APs are working good, but the website's security certificate problem and the warning of the red x error on the login page make users comfused and restless.
There is a problem with this website's security certificate.
The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
........
.......
We also tried some default HP Certificate Stores without luck
1 wireless.hp.internal wireless.hp.internal Web Management Tool, SOAP Server, HTML authentication, Billing records logging system
2 Dummy Server Certificate Dummy Authority RADIUS EAP
3 Management Console Default client certificate Management Console Dummy Authority HP Management console
We put an article of the problem on the HP forum and hoped that someone can help us, but no reply.
We also sent a mail to HP Networking for help and received only the request confirmation of support. We have been waiting for long time and no one could contact us.
Therefore we post the problem here and need your help
Could you please tell us how to solve the problem? and where can we buy such certificate to apply on the WLAN Controller?
Thank you!
Beste regards
Tri
My company is going to use wireless at som branches and just bought a WLAN Controller E-MSM720, and 2 APs for wireless testing.
The WLAN Controller and APs are working good, but the website's security certificate problem and the warning of the red x error on the login page make users comfused and restless.
There is a problem with this website's security certificate.
The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
........
.......
We also tried some default HP Certificate Stores without luck
1 wireless.hp.internal wireless.hp.internal Web Management Tool, SOAP Server, HTML authentication, Billing records logging system
2 Dummy Server Certificate Dummy Authority RADIUS EAP
3 Management Console Default client certificate Management Console Dummy Authority HP Management console
We put an article of the problem on the HP forum and hoped that someone can help us, but no reply.
We also sent a mail to HP Networking for help and received only the request confirmation of support. We have been waiting for long time and no one could contact us.
Therefore we post the problem here and need your help
Could you please tell us how to solve the problem? and where can we buy such certificate to apply on the WLAN Controller?
Thank you!
Beste regards
Tri
Talk To Other Members
RE: WLAN Controller E-MSM720: Certificate problem
I know there was a posting on the HP forum for the MSM series on certificates not too long ago, so just let me know if you need further info on this matter.
RE: WLAN Controller E-MSM720: Certificate problem
Thanks for your reply.
OK. We choose to use the own internal CA and generate a certificate for the controller. Could you please explain more details?
Yes, this certificate is for non-domain joined machines and smart telephones.
I took 2 screenshots of certificate storage and usage on the WLAN controll: http://itprof.no/Certificate.pdf.
Best regards
Tri
RE: WLAN Controller E-MSM720: Certificate problem
Then you will need to export your CA certificate from your internal CA and import it into your machines/devices as needed. Machines are easy enough (google on how to do this), smartphones are easy also, but different phones require different techniques. Again, just google search "import private CA certificate or internal certificate to _____ (whatever your phones/devices are, etc... apple, android, blackberry, etc...).
Now that your controller has a certificate from a CA and that machine/device trusts the CA, you will not be hit with that screen.
RE: WLAN Controller E-MSM720: Certificate problem
Open "openssl" as administrator
1)req -new -newkey rsa:2048 -nodes -keyout wireless.domain.com.key -out wireless.domain.com.csr
2) x509 -req -days 4500 -in wireless.toa.no.csr -signkey wireless.domain.com.key -out wireless.domain.com.pem
3) pkcs12 -export -in wireless.domain.com.pem -inkey wireless.domain.com.key -out wireless.domain.com.p12
Installing the new SSL certificate onto Certificate Storage of the MSM is succeeded
And then I go to the Certificate Usage / Services PKI management and changed HTTP Authentication to wireless.domain.com
When the users open the browser and the warning is still there. What did I do wrong?
It works only when the users have to manuell install the certificate on Firefox and the users don`t have right to install the certificate on IE. Why?
Can you explain why?
Thanks
Best regards
Tri
RE: WLAN Controller E-MSM720: Certificate problem
RE: WLAN Controller E-MSM720: Certificate problem
You mention IE, so on those you are talking about computers and not phone/devices. If these computers are not a member of the domain, then you will have to treat them the same as your phones/devices that are also not a member of your domain. Yes, you must have local box administrator rights to be able to install a certificate into the local computers certificate store. This is just the nature of the beast since you chose not to use a already publically trusted certificate. You have to install that certificate into every computer and device that is not domain joined. Domain joined computers would have authomatically trusted the domain CA and also, you could have pushed out additional certificates via GPO if need be.
RE: WLAN Controller E-MSM720: Certificate problem
After creating a Certificate Signing Request (CSR) for an SSL certificate
This is what I used to create a 30 days Trial at the certificate vendor to get the certificate signed.
the certificate vendor sent back to me 2 files "Root CA.crt and Intermeidate CA.crt"
I tried to convert to PKCS #12 format, but it did not work.
I sent an mail to the certificate vendor and asked for help how to apply a certificate into the HP WLAN controller
The certificate vendor received my mail, but I have been waiting almost 3 weeks and still not get any response.
Could you please tell me how to convert the PKCS #12 format?
Thank you
Best regards
Tri
RE: WLAN Controller E-MSM720: Certificate problem
RE: WLAN Controller E-MSM720: Certificate problem
I could convert from certi.key and certi.pem (a 30 days Trial) to certi.p12
certi.p12 is applied to Certificate and private key store on the HP WLAN Controller. It worked, and then I changed the certificate usages such as (Web Management Tool,SOAP Server and HTTP authentication to new certicate #12 format
The users see the new URL (no more wireless.hp.internal) at the login page, but the warning and the red X are still on the login page. Why
When I look the status sign at the management, it shows the yellow sign on th certi.12 and the HP Certificate defaults show green sign
The yellow sign, is it becuase a 30 days Trial certificate????
Something about Trusted CA certificate store and PKCS #7 file or X.509 certificate at the management
Do I need to convert to PKCS #7 file or X.509 certificate and then install on Trusted CA certificate store?
Please tell me what I did wrong here?
Thanks
Best regards
Tri
RE: WLAN Controller E-MSM720: Certificate problem
RE: WLAN Controller E-MSM720: Certificate problem
I created a Trial certificate from Verisign
I took 2 screenshots of the WLAN Controller Management: http://itprof.no/Certificate.pdf
At the first screenshot about Certificate stores
I just installed PKCS #12 format at Certificate and private key store
It shows the firth ID issued to firmainternal.wireless and shows the yellow sign.
I did not change anything Trusted CA certificate store.
Do I need to convert to PKCS #7 file or X.509 certificate and then install on Trusted CA certificate store?
At the second screenshot about Certificate usage
HTML authentication is changed to firmainternal.wireless
--------------------
Sorry, what do you mean with is it a public trusted CA in your local computer's certificate store?
Thanks your help
Best regards
Tri
RE: WLAN Controller E-MSM720: Certificate problem
cajuntank, thanks for your help
I got the answer from one company and said that they don`t issuer the local certificate such as .private, .local, .wirelss. They issuer only domain certificate such as .com, .org,.net
Has anyone been involved in this case?
Thanks
Best regards
Tri
RE: WLAN Controller E-MSM720: Certificate problem