Radius Certificate on ProCurve Wireless

Posted on 2011-05-05
Last Modified: 2012-05-11
I am very new to certificates and need some help.

We have a ProCurve 5308xl Switch with a Wireless Edge Services module in it. The VLAN that is set up on the Wireless module is separate from our domains and is for our students to just connect to and have internet access.

We want to use the built-in local RADIUS server on the Wireless Edge module but are running into some certificate issues. We can get RADIUS working but are getting a certificate error. We want to purchase a digitally signed certificate but are not sure how to make a proper CSR.

Through the Wireless module I cannot find any place to make a CSR, but I can find a place to make one on the switch itself.
Under the SSL Settings on the switch itself, here is what I have.

SSL Enable (Is currently off) Port (443)

Then a radio button for:
Create Certificate/Certificate Request

Certificate Type: Create CA Request
RSA Key Size: (Set at "Current Key" but not sure what this does)
Certificate Information Fields
Validity Start Date:
(I was assuming I would pick current date)
Validity End Date: (A year from now?)
Common Name: (By default it is the switch IP address. I was thinking the IP address of the module on the wireless VLAN)
Organization Name: (Company Name)
Organization Unit: (IT Department ?)

Are there any guides on how to make a proper certificate request, and will creating this on the switch and not the module itself have any ill effects?

Question by: j9benoit

    Expert Comment

    by: Jakob Digranes
    When working with wireless and certificates, you can use certificates in the following ways.

    - use a certificate on the AP/RADIUS server so clients can identify that they connect to the proper RADIUS server, and not a fake one on the outside set up to collect usernames and passwords. In a domain, you can use internal PKI.

    - use certificates on client computers, and then configure RADIUS to only allow wireless to computers with a proper certificate. In a domain, you can use internal PKI.

    - use certificates on users, and then configure RADIUS to only allow wireless to users with a proper certificate. In a domain, you can use internal PKI.

    So you need to see if you DO need a certificate. You will get the certificate error if you configure wireless policies on RADIUS to validate the certificate or to grant access based on smart card or certificate rather than username/password.

    Author Comment

    I am sorry, maybe I was a little unclear. This wireless network contains no domain. The machines connecting to this network are students' personal computers, so us installing the certificate is not an option.

    You connect to the wireless network with the correct key and then when you open the browser you get this cert error, This Error. If you proceed you get to the RADIUS log in and everything works peachy. I need to remove this error.

    In the RADIUS configuration on the Wireless Edge Services module, this is what I have for importing a cert.

    On the switch that the Wireless Edge Services module is installed in, these are the options for configuring SSL.

    Expert Comment

    by: Jakob Digranes
    OK - now it is more clear. Looking at the options you need for configuring the certificate request:
    Most things are self-explanatory, I guess (name and address and start/end date).
    When it comes to IP address/host name, enter the name or the IP address in the URL for the web browser you open.

    I can recommend Thawte SSL 123 certificates, which are cheap, easy and will do the trick.
    When creating the certificate request you get a

    -start certificate request-
    -end certificate request-

    which you paste in when ordering the certificate with Thawte.
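
The check described in the comment above (the Common Name in the request must equal the name typed into the browser), as an added example that is not part of the original thread. It assumes the `openssl` command-line tool is available; `portal.example.edu`, `Example School` and `IT Department` are constructed placeholder values, and the CSR is generated locally only so the check has something to run against.

```shell
#!/bin/sh
# Added example: build a sample CSR, then verify it before pasting it to a CA.
# All names below are constructed placeholders, not values from the thread.

# make_csr <common-name> <organization> <org-unit> <key-out> <csr-out>
# Creates a 2048-bit RSA key and a CSR whose subject carries the three fields.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=$2/OU=$3/CN=$1" \
        -keyout "$4" -out "$5" 2>/dev/null
}

# csr_common_name <csr-file>
# Prints only the Common Name from the CSR subject.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# check_csr <csr-file> <name-users-type-in-the-browser>
# Returns 0 only if the CSR self-signature verifies and the CN matches.
check_csr() {
    # Older openssl builds exit 0 even on a failed verify, so match the text.
    if ! openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"; then
        echo "CSR self-signature does not verify"
        return 1
    fi
    cn=$(csr_common_name "$1")
    if [ "$cn" != "$2" ]; then
        echo "CN '$cn' does not match portal name '$2'"
        return 1
    fi
    echo "ok: CN=$cn"
}
```

To check a request exported from a device instead, save the whole block including its begin and end lines to a file and pass that file to `check_csr` with the portal name.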

    Accepted Solution

    So I found there was a new software update for that module that was causing the key to be generated incorrectly. Contacted HP and they provided the file. Also figured how to generate CSR from the module.

    Author Closing Comment

    Figured out the answer on my own.
