Install GoDaddy wildcard SSL on WLC 2504 conroller

Similar Messages

• Install GoDaddy Wildcard SSL cert on GW WebAccess - ver.8

  I have followed all of the documentation regarding generating a CSR, creating the new eDirectory object from which that CSR is generated, then subsequently downloading and doing the "read from file" SSL cert installation, and it won't validate.
  I have a NetWare 6.5, SP8 server running Apache/Tomcat and it's our GroupWise WebAccess server (version 8).
  I want to encrypt the sessions as well as the authentication from the GW WebAccess login screen (right now, it's just http://).
  Our institution purchased a wildcard, unlimited subdomain, SSL certificate from GoDaddy to use for this, and other, SSL cert. needs.
  No matter what I do, it won't work.
  I am using ConsoleOne to create the new eDirectory object according to the documentation, generate the CSR, and install the certificate, but to no avail.
  Can anyone help?

  Originally Posted by AndersG
  Fmcunningham,
  > > I am looking at installing a cert as well. I have NOWS SBE 2.0
  > > upgrading to SBE 2.5 this weekend and would like to add a CA Cert. Do I
  > > need a Wild card cert to be able to accomplish this?
  >
  Only difference between a wildcard and a regular (apart from price) is that
  a wildcard covers all hosts in a domain,. Ie *.acme.com, whereas a regular
  cert only covers a named host, homer.acme.com
  - Anders Gustafsson (Sysop)
  The Aaland Islands (N60 E20)
  Novell has a new enhancement request system,
  or what is now known as the requirement portal.
  If customers would like to give input in the upcoming
  releases of Novell products then they should go to
  http://www.novell.com/rms
  I am running SBE 2.0 upgrading soon to SBE 2.5. I am not using sub domains, so I think I should be fine with just a normal cert. The real reason I want to go with a cert from a CA instead of a self signed is for webaccess.

• Can't install a wildcard SSL certificate

  Running ML Server. I have a GoDaddy issued wildcard SSL certificate to *.mydomain.com. The certificate is currently installed on a different (non-Mac OS) server. I am able to cut and paste the main certificate, private key and other chain certificates from that server's interface and paste into a text file using TextWrangler. On the OS X server I deleted all of the old certificates in KeyChain (this server had an old wildcard version of the certificate before), deleted the old wildcard cert in Server.app and deleted the corresponding files in /etc/certificates
  I then created a new self-signed certificate for *.mydomain.com in Server.app, then selected it, went to Manage Certificates and tried up update the self-signed certifcate with the signed certificate using the Server.app interface. The interface enables you to drag and drop certifcate and chain files to add.
  However, this is where it gets strange...
  The first time I drag the certificate file to the interface, I get the green + symbol, let go and nothing happens. If I do it again, the interface lights up green again, but this time it adds it to the Non-identify certificate list. I am able to replicate this every time!
  Why does the interface show me the first time that I can drag the file, but does nothing, and then the second time adds it as a non-identity certificate? Same behavior happens if I start with the chain certificate as well.
  I can confirm that the four certificate files show up in /etc/certificates, but they appear to be generated by the self-signed certificate creation.
  Any insights appreciated! TAA

  In fact i had the same issue last week and i could only solve it by exporting the key with the certificate in a PCKS12 file. Fortunately this is supported by the windows certificate manager where the certificate was originally installed.
  You could take your key and certificate files and merge them into a PKCS12 file using openssl (go to terminal, it is installed on an OSX box) and fire the following command (and change the filenames ;-)):
  openssl pkcs12 -export -inkey openssl_key.pem -in openssl_crt.pem -out openssl_key_crt.p12 -name openssl_key_crt
  The openssl tool requests a passphrase for the created file that you will need to provide again when the key is imported into the keychain.
  Good luck with it

• Install wildcard SSL on Cisco Prime Infrastructure 1.4

  I'm trying to install a wildcard SSL on a Cisco Prime Infrastrucure 1.4.
  I've manage to install this certificate on the Cisco 5508 WLC, however not so much success with the Cisco Prime.
  There are alot of documentation regarding the installtion of CSR certificates however I could not find anything related to wildcard or public key certificates from Cisco.
  I did find the following from a NetBoyers, I've tried this process however this seems to apply for NCS versions prior to 1.4 as it was unsuccessful
  Any assistance would be creatly appreciated.

  I was able to follow the procedure in the Admin Guide to successfully import and use a CA-issued wildcard certificate (from GoDaddy) with unencrypted private key where the original CSR was not generated by the Prime Infrastructure server.
  Prime needs to be defined with a record in your DNS serving the domain in the wildcard certificate. In my case I am using both an A record and cname alias.
  Following a server restart the wildcard certificate appears fine in Chrome, Firefox and IE when I browse to https://prime.<my_customer's_domain>.
  Below are the commands I used. You would need to have your own certificate and keyfile. My certificate includes the full chain - server certificate, intermediate certificate and root certificate in that order.
  PI01/admin# copy ftp://192.168.254.7/privatekeyplaintext.pem disk:
  Username: admin
  Password:
  PI01/admin# copy ftp://192.168.254.7/gd_bundle-g2-g1.crt disk:
  Username: admin
  Password:
  PI01/admin#
  PI01/admin# root
  Enter root password : 
  Starting root bash shell ... 
  ade # pwd
  /root
  ade #
  ade # cd ..
  ade #
  ade # cd localdisk
  ade # ls -al
  total 68
  drwxr-xr-x 8 root root 4096 Nov 2 09:51 .
  drwxr-xr-x 28 root root 4096 Oct 28 11:22 ..
  lrwxrwxrwx 1 root root 20 Jul 14 13:11 crash -> /opt/CSCOlumos/crash
  drwxr-xr-x 2 root root 4096 Jul 15 23:31 defaultRepo
  drwxr-xr-x 2 root root 4096 Jul 14 13:10 ftp
  -rw-rw-rw- 1 root gadmin 6710 Nov 2 09:51 gd_bundle-g2-g1.crt
  drwx------ 2 root root 16384 Apr 17 2014 lost+found
  -rw-rw-rw- 1 root gadmin 1679 Nov 2 09:50 privatekeyplaintext.pem
  drwxr-xr-x 2 root root 4096 Jul 14 13:10 ssh
  drwxr-xr-x 2 root root 4096 Jul 14 13:10 telnet
  drwxr-xr-x 2 root root 12288 Nov 2 09:57 tftp
  ade #
  ade # mv ./gd_bundle-g2-g1.crt ./defaultRepo
  ade # mv ./privatekeyplaintext.pem ./defaultRepo
  ade #
  ade # exit
  exit
  PI01/admin# show repository defaultRepo
  PI01-140715-0330.tar.gpg
  PI01-140716-0330.tar.gpg
  gd_bundle-g2-g1.crt
  privatekeyplaintext.pem
  PI01/admin#
  PI01/admin# ncs key importcacert wildcardcert gd_bundle-g2-g1.crt repository defaultRepo
  INFO: no staging url defined, using local space. rval:2
  truststore used is /opt/CSCOlumos/conf/truststore
  The NCS server is running
  Changes will take affect on the next server restart
  Importing certificate to trust store
  PI01/admin#
  PI01/admin# ncs key importkey privatekeyplaintext.pem gd_bundle-g2-g1.crt repository defaultRepo
  INFO: no staging url defined, using local space. rval:2
  INFO: no staging url defined, using local space. rval:2
  truststore used is /opt/CSCOlumos/conf/truststore
  The NCS server is running
  Changes will take affect on the next server restart
  Importing RSA key and matching certificate
  PI01/admin#
  PI01/admin# ncs stop
  Stopping Network Control System...
  This may take a few minutes...
  Network Control System successfully shutdown.
  Plug and Play Gateway is being shut down..... Please wait!!!
  Stop of Plug and Play Gateway Completed!!
  SAM daemon process id does not exist
  DA daemon process id does not exist
  DA syslog daemon process id does not exist
  PI01/admin# ncs start
  Starting Network Control System...
  This may take a few minutes...
  Network Control System started successfully.
  PI01/admin#

• Wildcard SSL Cert

  Is it possible to install a wildcard SSL cert in Messaging Server? I attempted to install the cert that I have and I am giving an error saying "cert was not generated for this server".
  Thanks,
  Pete

  I have managed to use pk12util to import the wildcard cert into the trust store. I have used configutil to set the appropriate parameters to enable SSL and POP over SSL. However, when I start the server I get the following error in the imta log file: General Error: SSL initialization error: ASockSSL_Init: PK11 auth failed to *.unca.edu (-8177).

• Installing a Wildcard Certificate in STRUST

  Hi,
  I am trying to install a wildcard SSL certificate using STRUST on our ABAP system.
  If I try to import it using the "Import Cert. Response" button, I get an error message saying the certificate cannot be installed. I presume this is because my private key does not match the public key of the certificate.
  How can I get a wildcard certificate working with my ABAP system? Do I need to somehow change the private key of my system?
  Thanks in advance

  Hi Stuart,
  Please check below thread it may help in your case.
  Problem importing a certificate using Strust
  https://scn.sap.com/thread/1587251
  BR
  Atul

• Use Wildcard SSL Cert to Monitor Non-Domain COmputers

  Hello,
    I was wondering if a Wildcard SSL Cert from GoDaddy or another Provider can be used to monitor Non-Domain Computer on SCOM 2012R2?
  TIA,
  Jim

  Hi,
  The Operations Manager agents support two types of authentication method, Kerberos or certificate based authentication. In order to monitor servers and clients located outside the Operations Manager’s native Active Directory domain, you will need to configure
  certificate authentication using either an internal Certificate Authority or through a 3rd party Certificate Authority.
  Regards,
  Yan Li
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Wildcard SSL certificates

  Hi, I was wondering if someone got CSS1150X with SSL accelerator working with wildcard SSL certificate. We have 10+ sites we would like to enable SSL and figured wildcard certificates are way to go based on the cost. Specially, since most of the wildcard certificates comes with limitation of being able to install it on only one physical machine. I assume CSS would be considered one physical machine if SSL traffic is terminated on the CSS, however, wanted to find out whether wildcard SSL certificate is supported on CSS. We are using CSS11503 and depending on whether it supports wildcard certificate, we are planning on purchasing SSL accelerator.

  Thanks for the information, Gilles. Looking at the pricing structure of SSL certificates, I wonder why wildcard certs aren't widely used as one would expect based on the cost. Well, I guess I will find out when I implement one. Thanks again.

• Wildcard SSL Server 3.2.1

  I purchased a wildcard SSL certificate from Go Daddy. My public website is hosted by go daddy (www.example.com). I have a server (OS X 10.9.5, Server 3.2.1) in the office to handle printer, file sharing, profile manager, etc. (server.example.com) I want to assign an SSL for the server, and the public website on go daddy. I cannot however enter *.example.com in the host name field on the Get a Trusted Certificate dialog. If I allow it to use server.example as the host name, when I paste the CSR into Go Daddy's site, it of course gives me the error that the CSR is only for a sub domain, not a wildcard.
  Can anyone help me? I want to use the Wildcard to secure example.com as well as server.example.com and any other subdomain...

  You can't do that through the Server app.
  Generating a Certificate Signing Request (CSR) - Apache 2.x | GoDaddy Help

• Wildcard * SSL Certificates for TTA??

  Is there any way I can use a wildcard SSL certificate like:
  *.mycompany.com
  in my TTA server?
  I was able to run all the cert commands successfully using the
  *.mycompany.com cert:
  Generated the CSR (tarantella security certrequest)
  Installed the Cert File (tarantella security certuse)
  Installed the Chained CA cert (tarantella security customca)
  Review/validate certinfo (tarantella security certinfo)
  The TTA-installed Apache webserver was fine with the wildcard certificate
  since I was able to goto:
  https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
  But after I went to:
  https://subdomain.mycompany.com/tarantella/
  I got the following errors in my Java Console:
  Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
  server...
  Secure Global Desktop 4.10.903: Using secure connection to
  Secure Global Desktop server subdomain.mycompany.com:443
  Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
  for this Secure Global Desktop server (subdomain.mycompany.com) due to name
  mismatch.
  Secure Global Desktop 4.10.903: Client dropping connection.
  Secure Global Desktop 4.10.903: Unable to connect: Certificate
  (*.mycompany.com) not accepted for this Secure Global Desktop server
  (subdomain.mycompany.com) due to name mismatch.
  Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
  Is there a way that I can get the applet to do a regex-ish match on the name
  for wildcard certs?
  Cyrus

  Hi Cyrus
  I was loosely referring to PKI rules e.g.
  http://www.ietf.org/proceedings/98mar/98mar-edited-110.htm
  http://www.iihe.ac.be/internal-report/1997/stc-97-19.html
  Wildcarding isn't supported. I understand what you are trying to do now
  but it won't work because the software is looking for a certificate
  matching a single server.
  The certrequest command is just a wrapper script for openssl so it won't
  stop you doing anything the openssl command believes may be valid. You don't
  actually need to use this command it's just there for convenience, you
  could do everything just using openssl.
  The current documentation doesn't explictly state that you can't use
  wildcards in certificates but it does say you need a certificate for a
  SGD server. My understanding of the wildcard issue is that it is up to
  a particular application to decide what is appropriate.
  http://www.tarantella.com/support/documentation/sgd/ee/4.1/help/en-us/tsp/gettingstarted/whatare_certs.html
  Regards
  Barrie
  On 2005-08-15, Cyrus Mehta <[email protected]> wrote:
  May I inquire as to where these rules are listed regarding SSL Certs, I
  didn't see anything to the effect in the documentation. Also why weren't
  the rules enforced at certificate generation time. Even the validation
  command (tarantella security certinfo) had no problems.
  The CSR generation/signing went through flawlessly and created a wildcard
  cert that Apache could use. It's one thing if the whole cert process
  couldn't handle a wildcard, but it seems like everything would have worked
  if only the applet accepted a wildcard regex match.
  Regards,
  Cyrus
  barrie wrote:
  Hi Cyrus
  No, sorry. The rules say you can't do that. You are required to have a
  certificate for a node not a network.
  Regards
  Barrie
  On 2005-08-05, CM <[email protected]> wrote:
  Is there any way I can use a wildcard SSL certificate like:
  *.mycompany.com
  in my TTA server?
  I was able to run all the cert commands successfully using the
  *.mycompany.com cert:
  Generated the CSR (tarantella security certrequest)
  Installed the Cert File (tarantella security certuse)
  Installed the Chained CA cert (tarantella security customca)
  Review/validate certinfo (tarantella security certinfo)
  The TTA-installed Apache webserver was fine with the wildcard certificate
  since I was able to goto:
  https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
  But after I went to:
  https://subdomain.mycompany.com/tarantella/
  I got the following errors in my Java Console:
  Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
  server...
  Secure Global Desktop 4.10.903: Using secure connection to
  Secure Global Desktop server subdomain.mycompany.com:443
  Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
  for this Secure Global Desktop server (subdomain.mycompany.com) due to
  name
  mismatch.
  Secure Global Desktop 4.10.903: Client dropping connection.
  Secure Global Desktop 4.10.903: Unable to connect: Certificate
  (*.mycompany.com) not accepted for this Secure Global Desktop server
  (subdomain.mycompany.com) due to name mismatch.
  Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
  Is there a way that I can get the applet to do a regex-ish match on thename
  for wildcard certs?
  Cyrus

• WLC 2504 - French characters for guest web login page

  Good day,
  I have recently installed a WLC 2504 and I have the following issue:
  When I modify the text for the web login page (Under security/Web Auth/Web Auth page), if I use french caracters such as (é, è, à, etc...) in the message body, it does not show up correctly on users computers. As we're a bilingual country, I must put a bilingual text message. Are there any settings or workaround out there to rectify this?
  We're on version 7.2.103.0
  Thanks,
  Eric

  Thanks Scott, I'll have a look at the documentation.
  Right after sending this post, I tried typing the actual HTML code for the character instead and it seems to be working. I'm curious about custom webauth page, we may be able to customize it more than we thought we could do.
  Cheers,
  Eric

• WLC 2504 can't change WAP name or switch off CDP via WLC gui

  Hi All,
  Please can you assist? I have 1 x Cisco WLC 2504 & 2 x Cisco WAP AIR-CAP1602I-E-K9 running 7.4.100.60.
  All three devices are installed and working correcty within a corporate environment. However, there are a few tweaks that I would like to do, to tidy up the configuration and switch certain elements on or off. For example, my core networking hardware is Huawei and I would like to switch off 'CDP' on the WAP's as the associated error messages are filling up my logging buffer on my switch. So, I https to my WLC, locate the WAP in question, goto 'interfaces' and untick the box for 'CDP state' hit apply, then I get the following error message "controller name is mandatory when controller ip address is configured" and then the tick reappears!
  At present I have two WAP's. Both have static IP addresses and both are reachable on the network. The one WAP did allow me to change the name to something meaningful, but the other WAP would not let me and still has the default MAC address as its name. I have the same issue, when I try to change the name on the WAP it says "controller name is mandatory when controller ip address is configured"
  I have also tried to CLI directly in to the WAP to make these alterations, but as soon as i launch 'putty' it quits out. I guess this is locked down once the WAP's associate with the WLC.
  And around I go.... Someone must have been in this situation, what am i missing? Thanks in advance!

  Hi Andy,
  By default SSH & Telnet is disabled for WLC controlled APs. So you have to enable it first via WLC GUI in order to access the AP via telnet or SSH.
  Wireless -> Select your AP -> Advanced -> Tick Telnet/SSH boxes.
  If you could not change AP name via WLC GUI (it may be a bug), but as I said earlier try to change it via WLC CLI (not AP CLI itself). SSH  to your WLC & then try the following.Old AP name is the one with its mac address.
  (WLC) >config ap name
  (WLC) >save config      
  Are you sure you want to save? (y/n) y
  Configuration Saved
  HTH
  Rasika
  *** Pls rate all useful responses ****

• WLC 2504 HA Configuration

  Hi Guys,
  What configuration should I use in order to configure HA using 2x Cisco WLC 2504 ?
  - Do I need to have licenses for 2x Controllers ? I have only one WLC with license installed.  
  At the moment I have the following scenario below.
  AIR-CT2504-K9 – Primary (30 Aps Supported)
  AIR-CT2504-HA-K9 – Secondary (0 license)
  Software Version - 7.6.130.0 (Both Controllers)
  Both controllers are going to be in the same place.
  Can anyone help me please ?
  Thanks,
  Everton

  Thanks Scott Fella !
  Just one more question.
  Should I use a crossover cable to connect the primary controller to the secondary ? Or should I use a switch to connect them ?
  Thanks,
  Everton

• Savant and WLC 2504

  The customer have 1x WLC 2504 and 7x AP 3502i.
  He are installing a automation system called Savant, this system use the Bonjour protocol to discovery the services on the network.
  I've configured the multicast group on controller and switch (SG300) with IP 239.xxx.xxx.xxx, but the Savant (on iPad) don't finds the service.
  Somebody has gone through a similar scenario?
  I've used this document: http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_tech_note09186a0080bb1d7c.shtml
  PS: The customer haven't VLAN
  Best regards.

  #Disable mdns/bonjour on wlc. place the WLC Management and AP vlan on same subnet. keep the savant server and iphone on same wlan and try.
  #WLC 2500 supports only Multicast to Multicast for AP mode, be sure that wired side Multicast is configured properly and working.
  #Try with any standard app to verify bonjour and AP mode multicast works.
  #it is possible there may be any specific string that require to be added onto bonjour profile for savant to work. do debug mdns all enable and see what is missing.
  it is suggested to open TAC case for troubleshooting.

• SA520 Wildcard SSL Certificate?

  I have a wildcard SSL certificate for our domain from RapidSSL.  I installed the intermediary certificates fine but I can't get the acutal cert to install.  I get the message "Can't Upload Invalid Self Certificate" message.  Has anyone else ever successfully used a wildcard cert with an SA?

  Hello Mr. Williamson,
  In order to get a new SSL certificate please follow the next instructions:
  STEP 1 : Click Administration > Authentication.
  The Authentication (Certificates) window opens.
  STEP 2 For each type of certificate, perform the following actions, as needed:
  • To add a certificate, click Upload. You can upload the certificate from the PC
  or the USB device. Click Browse, find and select the certificate, and then
  click Upload.
  • To delete a certificate, check the box to select the certificate, and then click
  Delete.
  • To download the router’s certificate (.pem file), click the Download button
  under the Download Settings area.
  STEP 3 To request a certificate from the CA, click Generate CSR.
  The Generate Certification Signing Request window opens.
  a. Enter the distinguished name information in the Generate Self Certificate
  Request fields.
  • Name: Unique name used to identify a certificate.
  • Subject: Name of the certificate holder (owner). The subject field populates
  the CN (Common Name) entry of the generated certificate and can contain
  these fields:
  - CN=Common Name
  - O=Organization
  - OU=Organizational unit
  - L= Locality
  - ST= State
  - C=Country
  For example: CN=router1, OU=my_dept, O=my_company, L=SFO, C=US
  Whatever name you choose will appear in the subject line of the generated
  CSR. To include more than one subject field, enter each subject separated
  by a comma. For example: CN=hostname.domain.com, ST=CA, C=USA
  • Hash Algorithm: Algorithm used by the certificate. Choose between MD5
  and SHA-1
  • Signature Algorithm: Algorithm (RSA) used to sign the certificate.
  • Signature Key Length: Length of the signature, either 512 or 1024.
  • (Optional) IP Address, Domain Name, and Email Address
  b. Click Generate.
  A new certificate request is created and added to the Certification Signing
  Request (CSR) table. To view the request, click the View button next to the
  certificate you just created.
  Or you could check it on the next link. please check page 191
  http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/administration/guide/SA500_AG_OL1911404.pdf
  hope you find this answer useful, if it was satisfactory  for you, please mark the question as Answered.
  Thank you