Posts

Showing posts with the label certificate

Microsoft NPS as a RADIUS Server for WiFi Networks: Self Signed Certificate

Image
The Microsoft Network Policy Server (NPS) is often used as a RADIUS server for WiFi networks. It can provide authentication and authorization services for users on a wireless network.
Generally, NPS is used with various EAP methods (e.g. PEAP, EAP-TLS) that require a certificate to be presented by the NPS server to the client as part of the authentication exchange. The certificate proves the identity of NPS (the RADIUS authentication server)  to the client and is used to derive keys to build a TLS tunnel for the secure exchange of credential information.
Most of the time, a Microsoft PKI infrastructure is used to issue a certificate to the NPS server, which is a relatively straightfoward process that is well documented in official Microsoft documentation.
However, there may be times when you want to fire up a version of NPS (perhaps in a lab or POC environment) and just put on your own self-signed certificate, instead of having the additional overhead of getting CA servers etc. going.
Fin…

Installing a PFX File on a Cisco WLC

Cisco provide an excellent guide on how to create a CSR for a wireless LAN controller so that a certificate signed by a public CA can be installed. This is often very useful if you are using the WLC as a guest controller and want to prevent browser security messages that pop-up in a guest’s browser each time they access your guest wireless network.

The Cisco guide can be found here:

http://www.cisco.com/en/US/customer/products/ps6366/products_configuration_example09186a0080a77592.shtml

It also details how to install the chained certificate (provided by a public CA) on to the WLC. The certificate in the examples shown in the document use a ‘.pem’’ (Privacy Enhanced Mail) format file.

The method described in the (Cisco) document involves generating a CSR using Open SSL version 0.9.8 to create a certificate request which is then submitted to a public CA such as Thawte, Verisign etc.

It should be  possible to generate CSRs using other methods (other than Open SSL), but you may not end up with …