Uploading Certificates
A certificate is a digital file that certifies the identity of the organization or products of the organization. It is also used to establish your credentials for any Web transactions. It contains the organization name, a serial number, expiration date, a copy of the certificate-holder's public key, and the digital signature of the certificate-issuing authority so that a recipient can ensure that the certificate is real.
Instant supports the following certificate files:
|
|
Auth server or captive portal server certificate: PEM format with passphrase (PSK) |
|
|
CA certificate: PEM or DER format |
In the current release, IAP supports uploading of a customized certificate for internal captive portal server.
This section describes the following procedures:
Loading Certificates through Instant UI
To load a certificate in the Instant UI:
|
1.
|
Click the Maintenance link at the top right corner of the Instant main window. |
|
2.
|
Click the Certificates tab. The Certificates tab contents are displayed. The following figure shows the Certificates window: |
Figure 1 Maintenance Window: Certificates Tab
|
3.
|
To upload a certificate, click Upload New Certificate. The New Certificate window is displayed. |
|
4.
|
Browse and select the file to upload. |
|
5.
|
Select any of the following types of certificates from the Certificate type drop-down list: |
|
|
CA—CA certificates validate the client’s certificate. |
|
|
Auth Server—The authentication server certificate verifies the server's identity to the client. |
|
|
Captive portal server—Captive portal server certificate verifies internal captive portal server's identity to the client. |
|
6.
|
Select the certificate format from the Certificate format drop-down list. |
|
7.
|
If you have selected Auth Server or Captive portal server type, enter a passphrase in Passphrase and reconfirm. The default password is whatever. If the certificate does not include a passphrase, there is no passphrase required. |
|
8.
|
Click Browse and select the appropriate certificate file, and click Upload Certificate. The Certificate Successfully Installed message is displayed. |
Loading Certificates through Instant CLI
To upload a certificate:
(Instant AP)# copy tftp {<ip-address> <filename> cpserver cert <password> format {p12|pem} |system {1xca [format {der|pem}]|1xcert <passsword>[format {p12|pem}]}
Loading Certificates through AirWave
You can manage certificates using the AirWave. The AMP directly provisions the certificates and performs basic certificate verification (such as certificate type, format, version, serial number and so on), before accepting the certificate and uploading to an IAP network. The AMP packages the text of the certificate into an HTTPS message and sends it to the Virtual Controller. After the VC receives this message, it draws the certificate content from the message, converts it to the right format, and saves it on the RADIUS server.
To load a certificate in AirWave:
|
1.
|
Navigate to Device Setup > Certificate and then click Add to add a new certificate. The Certificate window is displayed. |
|
2.
|
Enter the certificate Name, and click Choose File to browse and upload the certificate. |
Figure 2 Loading Certificate via AirWave
|
3.
|
Select the appropriate Format that matches the certificate file name. Select Server Cert for certificate Type, and provide the passphrase if you want to upload a Server certificate. Select either Intermediate CA or Trusted CA certificate Type, if you want to upload a CA certificate. |
Figure 3 Server Certificate
|
4.
|
After you upload the certificate, navigate to Groups, click the Instant Group and then select Basic. The Group name is displayed only if you have entered the Organization name in the Instant UI. For more information, see Configuring Organization String for further information. |
Figure 4 Selecting the Group
The Virtual Controller Certificate section displays the certificates (CA cert and Server).
|
5.
|
Click Save to apply the changes only to AirWave. Click Save and Apply to apply the changes to the IAP. |
|
6.
|
To clear the certificate options, click Revert. |
