Radius Certificate on ProCurve Wireless

I am very new to certificates and need some help.

We have a ProCurve 5308xl Switch with a Wireless Edge Services module in it. The VLAN that is set up on the Wireless module is separate from our domains and is for our students to just connect to and have internet access.

We are wanting to use the built-in local RADIUS Server on the Wireless Edge module but are running into some certificate issues. We can get RADIUS working but are getting a certificate error. We are wanting to purchase a digitally signed certificate but are not sure how to make a proper CSR.

Through the Wireless module I cannot find any place to make a CSR, but I can find a place to make one on the switch itself.
Under the SSL Settings on the switch itself, here is what I have.

SSL Enable (Is currently off) Port (443)

Then a radio button for:
Create Certificate/Certificate Request

Certificate Type: Create CA Request
RSA Key Size: (Set at "Current Key" but not sure what this does)
Certificate Information Fields
Validity Start Date: (I was assuming I would pick current date)
Validity End Date: (A year from now?)
Common Name: (By default it is the switch IP address. I was thinking the IP address of the module on the wireless VLAN)
Organization Name: (Company Name)
Organization Unit: (IT Department ?)
City:
State:
Country:

Are there any guides on how to make a proper certificate request, and will creating this on the switch and not the module itself have any ill effects?

Asked by: j9benoit

j9benoit (Author) commented:
So I found there was a new software update for that module that was causing the key to be generated incorrectly. Contacted HP and they provided the file. Also figured out how to generate a CSR from the module.
 
Jakob Digranes (Senior Consultant) commented:
When working with wireless and certificates, you can use certificates in the following ways.

- use a certificate on the AP/RADIUS server to identify that they connect to the proper RADIUS server, and not a fake one on the outside - set up to collect usernames and passwords. In a domain - you can use internal PKI

- use certificates on client computers - and then configure RADIUS to only allow wireless to computers with a proper certificate. In a domain - you can use internal PKI

- use certificates on users - and then configure RADIUS to only allow wireless to users with a proper certificate. In a domain - you can use internal PKI.

So you need to see if you DO need a certificate. You will get the certificate error if you configure wireless policies on RADIUS to validate the certificate or to grant access based on smart card or certificate rather than username/password.
 
j9benoit (Author) commented:
I am sorry, maybe I was a little unclear. This wireless network contains no domain. The machines connecting to this network are students' personal computers, so us installing the certificate is not an option.

You connect to the wireless network with the correct key and then when you open the browser you get this cert error. If you proceed you get to the RADIUS log in and everything works peachy. I need to remove this error.

In the RADIUS configuration on the Wireless Edge Services module, this is what I have for importing a cert.

On the switch that the Wireless Edge Services module is installed in, these are the options for configuring SSL.
 
Jakob Digranes (Senior Consultant) commented:
OK - now it is more clear. Looking at the options you need for configuring the certificate request:
Most things are self-explanatory, I guess (name and address and start/end date).
When it comes to IP address/host name, enter the name or the IP address in the URL for the web browser you open.

I can recommend Thawte SSL 123 certificates - which are cheap, easy and will do the trick:
http://www.thawte.com/ssl/ssl123-ssl-certificates/index.html
When creating the certificate request you get a

-start certificate request-
ddsfjgpi3r809dsfspo
-end certificate request-

Which you paste in when ordering the certificate with Thawte.
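A pre-submission check for the CSR text discussed above, as an added example that is not part of the original thread: it decodes a CSR, confirms its self-signature verifies, and confirms the Common Name equals the host name users will see in the login page URL. It assumes the OpenSSL command-line tool on an admin workstation; the host name `wifi-login.example.edu`, the subject fields and the function names are constructed placeholders, and the throwaway CSR stands in for the one exported from the device.

```shell
#!/bin/sh
# Added example: check a CSR before pasting it into a CA order form.
# PORTAL_HOST is a constructed placeholder, not a value from the thread.
PORTAL_HOST="wifi-login.example.edu"

# make_test_csr DIR HOST: create a throwaway 2048-bit key and a CSR whose
# Common Name is HOST (stands in for the CSR the device would export).
make_test_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1/test.key" -out "$1/test.csr" \
        -subj "/C=US/ST=State/L=City/O=Example School/OU=IT Department/CN=$2" \
        2>/dev/null
}

# csr_common_name FILE: print the Common Name from the CSR subject.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# check_csr FILE HOST: succeed only if the CSR self-signature verifies and
# the Common Name equals the host users open in the browser.
check_csr() {
    # Match the message text; the exit status on a failed verify
    # differs between OpenSSL versions.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || {
        echo "CSR signature does not verify (damaged paste or bad key)"
        return 1
    }
    cn=$(csr_common_name "$1")
    [ "$cn" = "$2" ] || {
        echo "CN '$cn' does not match portal host '$2'"
        return 1
    }
    echo "CSR OK for $2"
}

# Demo on a throwaway CSR in a temporary directory.
tmp=$(mktemp -d) && make_test_csr "$tmp" "$PORTAL_HOST" &&
    check_csr "$tmp/test.csr" "$PORTAL_HOST"
rm -rf "$tmp"
```

To check a CSR exported from the device, save the pasted text to a file and call `check_csr` on it with the host name from the login URL.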
 
j9benoit (Author) commented:
Figured out the answer on my own.
Question has a verified solution.