Nortel WSS 2382 CSR Creation & SSL Installation Instructions

Connecting to the Nortel WSS 2382 

You will first need to connect to your Nortel WSS 2382 (WSS).

Nortel WSS 2382

Nortel WSS 2382

I used putty for this task to connect to the Management IP of the WSS
Once logged in, you must use the

enable

command to use the following commands.

CSR Creation

Before you can generate a Certificate Signing Request (CSR) for your WSS, you will need to  create the private key from which your CSR can then in turn be created.
Running the following command should elicit the response key pair generated and generate a 2048-bit private key.

crypto generate key web 2048

In the above example, “web” represents a certificate for web access so users can use a web page to log onto an unencrypted SSID. To create a certificate for “eap” (802.1X access for network users who can access SSIDs encryped by WEP or WPA, or users connecting with wired authentication ports) or “admin” access (through your WMS or Web Manager), use those aliases in place of “web.”

After you have finished creating your key, you can then run the following command to create a CSR for certificate signing. You will send the CSR to your CA-Certificate Provider, and they will use it to generate the certificate that you will install on your device.

crypto generate request web

You will want to use same option (admin, eap, or web) as was used in creating the key, depending on the function for which your certificate is being generated.

You will then be prompted to enter information that will be included in your certificate by the certificate authority:

  1. Country Name: GB (find your 2 digit country code)
  2. State Name: CountyName (your state or province)
  3. Locality Name: TownName (usually the location of your main office, not necessarily your current location)
  4. Organizational Name: CompanyName (your company name)
  5. Organizational Unit: DepartmentName (your business unit)
  6. Common Name: portal.example.com (the FQDN by which you will connect to your device, can also be an internal name)
  7. Email Address: [email protected]
  8. Unstructured Name: (leave blank, if possible, otherwise enter NA and continue)

If completed successfully, you will be provided with an encrypted text file called a CSR. You will copy and paste the entire body of this file to your CA-Certificate Provider when requesting your certificate.

Installing Your WSS Certificate

Once you have received your certificate files back from your CA-Certificate Provider, you will need to install them to the same key from which they were generated.

crypto certificate web

Once again, if you did not use “web” when creating your CSR and key, you will not use “web” here, instead use “eap” or “admin.”

Next, using a text editor (I used Notepad ++), open the your_domain.crt file you received from your CA-Certificate Provider and copy/paste the entire body of that file (including the Begin and End Certificate lines) into the CLI.
Your certificate should now be installed.

Before it will work correctly, you will need to install your CA-Certificate Providers .crt file that should have been sent to you along with your your_domain.crt file (this is called your Intermediate Certificate file).

Run the following at the command line:

crypto ca-certificate web

Again, you will substitute “web” for “eap” or “admin” if that is what you have been doing.

You will be prompted to enter the text of the certificate. Once again you will open your file with a text editor (Notepad ++) and paste the entire body of that file into the provided prompt.

The Nortel 2382 WSS will not function correctly with multiple intermediate certificate files. So ensure you only have one relevant CA-Certificate Installed, use the

show crypto ca-certificate web 

command to check this.

If you have more than on CA-Certificate installed the list will be displayed with a Certificate Number index.

Remove any un-needed certificates using the following command;

crypto clear ca-certificate type web cert_num <cert_no>

Nortel WSS 2382 Wireless LAN Controller CSR Creation & SSL Installation Instructions

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Post Navigation