TIPs when working with Certificates by Ulises Cázares

 Hi, in this post I'm going to write some tips when you need to work with certificates


Tips when you need to request a cert:

  1. If you need to install the cert in diferent type of devices the best way, for me, to do it is making the CSR in opensll using an encrypted private key (rememeber the password!!!). In this way you will have the CSR and private key file in Base64 which most of CAs and devices accept.
  2. Once you have the CSR and PrivateKey File send the CSR to the CA and wait for the cert

 

Tips when you have or get the cert:

  1. Get the certificate for your device in PEM(base64) or "CRT" format whenever is possible (since you can open them in a notepad and work with them)
  2. Have the openssl application installed in windows or linux so you can convert the cert to other formats if required.    In this link you can see the commands to convert among formats. https://aboutssl.org/ssl-tools/ssl-converter.php.
  3. Practice the certificate convertion before you need to do it. 

 

Keep in mind the following when you have the cert:

 It's vendor decision to accept one or several certificate formats that's why you'll need to know how to convert them and what are the prerequsites for each format.

When you want to create a Base64 cert in PEM format you can use notepad, just the file as "all files" and put the the name of the file between " and use the following order which normally works. Note.- In some cases you won't need the Intermediate or Root CA in that file but you will need to upload the Root CA to the device in advanced.

Certificate

Private Key

Intermediate CA (if Any)

Root CA


If you want to see how to create CSR in a device (online option where the Private key stays inside the device) or in openssl (offline option where you have the private key file) wathc the 77th session at the following link:  https://thewifiofthings.com/   (Note.-It's in spanish)

If you want to see a few examples to convert certs you can watch the 78th Tesos session at the following link:  https://thewifiofthings.com/   (Note.-It's in spanish)



Hope this helps

Comments

Post a Comment

Popular posts from this blog

Aruba Clearpass - How to configure the Cisco WLC for Guest and MAC Caching by Ulises Cázares

Image
 Hi this is a step by step on how to configure an SSID in a functional Cisco WLC (8.10)  for Guest Authentication and MAC Caching using Aruba Clearpass General Steps (this guide assumes you have correctly configured the Clearpass side) Create an Authentication Server (The secret is the same as the one configured in Clearpass) Create an Accounting Server (The secret is the same as the one configured in Clearpass) Configure the WebAuth login Page (use the configured guets login page in Clearpass) Make sure the Web Auth Certificate points to the virtual IP in the WLC Create the FlexConnect Access List (or IPV4) Make sure WebAuth SecureWeb is enable Configure the SSID with the appropiate settings   1.- Create an Authentication Server 2.- Create an Accounting Server  3.- Configure the WebAuth login Page (in this example is; guest.demo-clearpass.net/cisco_login.php)  Note.- In order to avoid the security warnings in the conencting devices, install the appropiate certificate in Clearpass wit
Read more

Using API in ArubaOS Switches with Postman by Ulises Cázares

Image
 Hi, today I'm gonna show how to interact with the Aruba OS version 16.10 switches API using postman. My intention is that you know how to construct the request using headers, parameters and the body of the request. The first things to start working with the switch API are: to have administrative access to the device and to make sure of the switch version so you can look for the appropiate document. Remember, APIs can change form version to version.  You can use the command: show version. In my case is 16.10 Then you can make a quick search in google like "Aruba switch 16.10 API" to get the document and find out what are the option provided in the API. In the document you will find examples using curl and that's why i'm writting this in postman, so you have options. Now, let's do 4 thing so you can use the API: Make sure the REST interface is enable or enable it Login to the device API Construct a GET request Construct a POST request  Make sure the REST inter
Read more

WiFi - How to know supported channels by a wireless client by Ulises Cázares

Image
 Hi, in this post I would tell you how to be sure which WiFi channels are supported by a wireless client so we can configure wireless solutions that will work with the endpoints in the environment. I normally approach this topic in 2 ways 1. Directly in the wireless client This one is the obvious option but, in my experience, the majority of wireless clients don't show that in any part of the configuration. Because wireless clients are very different and their configurations menus too there's no way to show a "common" path to see the supported channels(if the wireless client shows them)   2.- Use a wireless adapter in monitor mode and wireshark to see an Association Request paquet from the client. In the following images we'll see where in the association request we can see that information.    The fastest way to do it is to follow these steps: Put the wireless adapatar in monitor mode in the AP channel we'are going to connect the wireless client Open wireshar
Read more