Learn how to a build a cloud-first strategyRegister Now


Radius Certificate on ProCurve Wireless

Posted on 2011-05-05
Medium Priority
Last Modified: 2012-05-11
I am very new to certificates and need some help.

We have a ProCurve 5308xl Switch with a Wireless Edge Services module in it. The VLAN that is set up on the Wireless module is separate from our domains and is for our students to just connect to and have internet access.

We are wanting to use the built in local RADIUS Server on the Wireless Edge module but are running into some certificate issues. We can get RADIUS working but are getting a certificate error. We are wanting to purchase a digitally signed certificate but are not sure how to make a proper CSR.

Through the Wireless module I cannot find any place to make a CSR but I can find a place to make one on the switch itself
Under the SSL Settings on the switch itself here is what I have.

SSL Enable (Is currently off) Port (443)

Then a radio button for:
Create Certificate/Certificate Request

Certificate Type: Create CA Request
RSA Key Size: (Set at "Current Key" but not sure what this does)
Certificate Information Fields
Validity Start Date:
(I was assuming I would pick current date)
Validity End Date: (A year from now?)
Common Name: (By default it is the switch IP address. I was thinking the IP address of the module on the wireless VLAN)
Organization Name: (Company Name)
Organization Unit: (IT Department ?)

Are there any guides on how to make a proper  certificate request and will creating this on the switch and not the module itself have any ill-effects?

Question by:j9benoit
  • 3
  • 2
LVL 22

Expert Comment

by:Jakob Digranes
ID: 35705819
When working with wireless and certificates, you can use certificates in the following way.

- use a certificate om AP/Radius server to identify that they connect to the proper radius server, and not a fake one on the outside - set up to collect usernames and passwords. In a domain - you can use internal PKI

- use certificates on client computers - and then configure radius to only allow wireless to computers with a proper certificate. In a domain - you can use internal PKI

- use certificates on users - and then configure radius to only allow wireless to users with a proper certificate. In a domain - you can use internal PKI.

So you need to see if you DO need a certifiate. The certificate error will you get if you configure wireless policoes on radius to validate certificate or to grant access based on smart card or certificate rather than username/password

Author Comment

ID: 35707279
I am sorry maybe I was a little unclear. This wireless network contains no domain. The machines connecting to this network are students personal computers so us installing the certificate is not an option.

You connect to the wireless network with the correct key and then when you open the browser you get this cert error, This Error. If you proceed you get to the RADIUS log in and everything works peachy. I need to remove this error.

In the RADIUS configuration on the Wireless Edge Services moduleThis is what I have for importing a cert.

On the switch that the Wireless Edge Services module is installed These are the options for configuring SSL
LVL 22

Expert Comment

by:Jakob Digranes
ID: 35708888
ok - now it more clear. Looking at the options you need for configuring Certificate request:
Most things is self-explained I guess - (name and address and start/end date)
When it comes to IP-address/host name, enter the name or the ip-address in the URL for the web browser you open.

I can recommend Thawte SSL 123 certificates - which is cheap, easy and will do the trick;
when creating Certficate request you get a

-start certificate request-
-end certificate request-

Which you paste in when ordering certificate with thawte ..

Accepted Solution

j9benoit earned 0 total points
ID: 35795403
So I found there was a new software update for that module that was causing the key to be generated incorrectly. Contacted HP and they provided the file. Also figured how to generate CSR from the module.

Author Closing Comment

ID: 35821636
Figured out the answer on my own.

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Suggested Courses
Course of the Month20 days, 17 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question