Radius, can't import external certificate for radius aerohive

  • Updated 3 years ago
Hi everyone,

I have a problem using the Aerohive interface.

When I go to Configure -> Common Object -> Certificate Management

I can create a CSR for requesting a cert from the local CA of my domain.

But I can't import any certificate. When I import one it says "Certificate was imported successfully." but no cert appears at all...
So my wifi client sees an error on the certificate before connecting and I want it to disappear.

Could you help me, please?

Thanks

Best regards.

Joffrey

Posted 3 years ago

Nick Lowe, Official Rep

Hi Joffrey,

I recommend that you do not do this via a CSR and just import the necessary things to HiveManager having issued a certificate elsewhere.

Be careful too, you need to make sure your server certificate meets the following requirements (Consideration 2):

https://wiki.geant.org/display/H2eduroam/EAP+Server+Certificate+considerations

Nick

Joffrey

Thanks Nick, but the problem is that when I import a certificate, it doesn't appear at all.
So is this an Aerohive issue or did I do something wrong?

Joffrey

I'm trying to import the CA cert of my CA server, for example, and it doesn't appear in the Certificate Management section.

Nick Lowe, Official Rep

I need the detail. In what format etc...

Joffrey

I connect to @IPmyCA/certsrv, choose "download CA certificate", and it gives me a .cer certificate.
Then I go to the Aerohive portal, to Configure -> Common Object -> Certificate Management.
I choose Import, choose my CA cert, and it says "Certificate was imported successfully." but nothing appears, just the Aerohive cert.

Thanks for your quick replies!

Nick Lowe, Official Rep

Is this in pem or der format? A .cer can be in either.

If you're happy to email me the file, I'm happy to take a look at this for you:

nick.lowe@gmail.com

Joffrey

It seems to be in DER format, so I use the included conversion tool.

Nick Lowe, Official Rep

From the docs:

If you use a third-party CA to sign certificates, you can first generate and export a CSR, then send it to the CA, and finally—when the CA returns the signed certificate and private key file—import the certificate into HiveManager.

Aerohive devices support PEM-formatted certificates (Privacy Enhanced Mail) for all features that make use of certificates:

  • AP VPN server authentication: The AP VPN server certificate must be in PEM format and cannot be password-encrypted.
  • AP RADIUS authentication server using TLS (Transport Layer Security), TTLS (Tunneled Transport Layer Security), or PEAP (Protected Extensible Authentication Protocol): The server certificate for an Aerohive RADIUS authentication server must be in PEM format and can be either password-encrypted or not.
  • Communications between a RADIUS server/LDAP client and an LDAP user database server secured through TLS: The server and CA certificates on the Aerohive RADIUS server/LDAP client must be in PEM format and can be password-encrypted or not.

To import a certificate file:

  1. Click Import.
  2. Enter the path and file name in the Certificate File field, or click Browse and navigate to the location where you previously saved the file.
  3. Click Open, and then click Import, or to cancel the import operation, click Return.
  4. Repeat these steps to import other certificate and key files. To cancel the import operation, click Return.

If you import certificates in PFX or DER formats, you must use the conversion tool to reformat them as PEM files. To import a PFX-formatted file, which contains a certificate and private key combined, and convert its format from PFX to PEM:

  1. Click Import.
  2. Enter the path and file name in the Certificate File field, or click Browse and navigate to it.
  3. Select Convert the certificate format from PFX to PEM.
  4. Enter the password that was used to encrypt the PFX file.
  5. Click Import, or to cancel the import operation, click Return.
  • Later, when you use the PEM-formatted file that contains both the certificate and private key, you must choose the same file for both the Certificate and Private Key fields.

To import a pair of DER-formatted files, one containing a certificate and the other its accompanying private key, and convert their format from DER to PEM:

  1. Click Import.
  2. Enter the path and file name for the server certificate file in the Certificate File field, or click Browse and navigate to it.
  3. Select Convert the certificate format from DER to PEM.
  4. Select the type of file you are importing; in this case, Certificate.
  5. Click Import, or to cancel the import operation, click Return.
  6. To import the private key file matching the public key in the certificate you just imported, repeat steps 1 - 3 but select Key for the file type.
  7. When importing a DER-formatted private key, enter the password that was used to encrypt the file.
  8. Click Import, or to cancel the import operation, click Return.

Joffrey

It's exactly what I did, but nothing appears.

Nick Lowe, Official Rep

What do you get from:

openssl x509 -in cert.cer -inform der -outform pem -out cert.pem

Joffrey

It seems to be OK with this command.
I import cert.pem into the Aerohive portal and it appears!!!

So Aerohive doesn't like the .cer format and the conversion tool seems to be unable to convert it.

I will continue to import the certs I need, thank you!
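
Since a .cer file can hold either encoding, it helps to check which one you have and normalise it to PEM before importing. The following is an added example, not part of the original thread or of any Aerohive tooling: the function names are this example's own, SAMPLE_DER is a constructed placeholder rather than a real certificate, and the check covers only the outer DER framing, not certificate validity.

```python
import base64
import re
import ssl

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

# Constructed placeholder: an outer DER SEQUENCE (tag 0x30) with a long-form
# length of 256 bytes. It has certificate-like framing but is NOT a real cert.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)


def der_total_length(data):
    """Return the total size of the outer DER SEQUENCE, or None if not DER."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    first = data[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def detect_encoding(data):
    """Classify the contents of a .cer/.crt file as 'pem', 'der' or 'unknown'."""
    if PEM_RE.search(data):
        return "pem"
    if der_total_length(data) == len(data):   # exact fit, no truncation
        return "der"
    return "unknown"


def to_pem(data):
    """Return one clean PEM certificate block (LF line endings, 64 columns)."""
    kind = detect_encoding(data)
    if kind == "pem":
        # Drop CRLF and any text around the armor, then re-wrap.
        body = PEM_RE.search(data).group(1)
        data = base64.b64decode(b"".join(body.split()), validate=True)
        if der_total_length(data) != len(data):
            raise ValueError("PEM body is not a complete DER structure")
    elif kind != "der":
        raise ValueError("file is neither PEM nor DER")
    return ssl.DER_cert_to_PEM_cert(data)


if __name__ == "__main__":
    print(detect_encoding(SAMPLE_DER))
    print(to_pem(SAMPLE_DER))
```

For a real file, pass the result of `open(path, "rb").read()` to `to_pem` and write the returned text to a `.pem` file.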