Create Case

How to import digital certificate to WiNG controller

  • Article Type:
  • How To
  • Article Number:
  • 000014936
  • Last Modified:
  • 9/18/2018

Objective

Importing signed certificate and its respective issuer / root certificate controller reports error or private key mismatch.

Environment

  • All Summit WM3000 Series Controllers
  • ExtremeWiNG Controllers
  • WirelessWiNG Controllers
  • ExtremeWiNG Access Points
  • WirelessWiNG Acess Points
  • WiNG 5 Software
  • CSR based certificate with valid private key

Procedure

First of all prepare affected certificates in Base-64 form and open them as text file.
Locate signed server certificate (last in certificate manager but firs while viewing as text file) and prepare two files as below

Import Signed Cert

-----BEGIN CERTIFICATE -----
(Signed server certificate)
-----END CERTIFICATE -------
Import CA
-----BEGIN CERTIFICATE -----
(Intermediate CA certificate 1)
-----END CERTIFICATE -------
-----BEGIN CERTIFICATE -----
(Intermediate CA certificate 2)
-----END CERTIFICATE -------
-----BEGIN CERTIFICATE -----
(Root CA certificate)
-----END CERTIFICATE -------

Navigate to Operations - Certificates - Select device you want to import certificates to and select Import - Import CA
 
User-added image
 
Once done, import signed server certificate in same manner. Please not that trustpoint name MUST MATCH
 
User-added image
 
The certificate should be now imported successfully.

Other method is to use general Import via FTP / TFTP
Each file in the FTP folder must have exactly the same filename, only file extension will differ:
 
1. Private Key with .prv extension (not necessary if you have it on controller already)
 
-----BEGIN PRIVATE KEY----- 
(Your Private Key DECRYPTED) 
-----END PRIVATE KEY------- 
 
2. CA chained certificate in a hierarchy with .ca extension: 
 
-----BEGIN CERTIFICATE ----- 
(Intermediate CA certificate 1) 
-----END CERTIFICATE ------- 
-----BEGIN CERTIFICATE ----- 
(Intermediate CA certificate 2) 
-----END CERTIFICATE ------- 
-----BEGIN CERTIFICATE ----- 
(Root CA certificate)
-----END CERTIFICATE ------- 
 
3. Signed Server Certificate with .crt extension: 
 
-----BEGIN CERTIFICATE ----- 
(Signed server certificate) 
-----END CERTIFICATE ------- 
 
4. Certificate Revocation List with .crl extension

-----BEGIN CERTIFICATE ----- 
(CRL list in Base64 form) 
-----END CERTIFICATE ------- 
Then initiate general Import from same tab as mentioned above
 
User-added image

 

Additional notes

Feedback