More information on how to connect a Cisco AP.
FossilOrigin-Name: 4906a299b0782436fd7528d4d32c6123f91327c038903884fe1d5c9b0ac07336
This commit is contained in:
7u83@mail.ru
58
ssl/README
58
ssl/README
@ -1,5 +1,7 @@
|
||||
Create ssl certificates to test AC-Tube and it's WTP
|
||||
====================================================
|
||||
|
||||
|
||||
Creating ssl certificates to test AC-Tube and it's WTP
|
||||
======================================================
|
||||
|
||||
1. Create a root CA by executing:
|
||||
|
||||
@ -41,6 +43,58 @@ Create ssl certificates to test AC-Tube and it's WTP
|
||||
Now your Cisco 1130 LAP will join to AC-Tube. Remember that the
|
||||
Cisco LAP will lose the installed certificate after rebooting.
|
||||
|
||||
If you want to use a Cisco LAP without installing on it your own
|
||||
ca certificate, which is lost after each reboot, you can sign your
|
||||
certificate with a Cisco intermediate ca certificate as explained
|
||||
in the next section.
|
||||
|
||||
|
||||
|
||||
|
||||
Get a Cisco AP out of the box connected to AC-Tube
|
||||
==================================================
|
||||
|
||||
If you want to use a Cisco AP without installing your own CA
|
||||
certificate on it, which is lost after each reboot, you have to
|
||||
use a certificate with AC-Tube, that is signed by a CA, where the
|
||||
CA certificate is already installed on the AP.
|
||||
|
||||
To create such a certificate a Cisco WLC uses an intermediate CA
|
||||
certificate, witch is signed by this root CA certificate, installed
|
||||
on the AP.
|
||||
|
||||
If you have both, the intermediate CA certificate with an
|
||||
appropriate private key and the CA certificate, which is installed
|
||||
on the AP, you can create such a certificate like a Cisco WLC does,
|
||||
by icopying them to the ./cisco sub-directory, using the
|
||||
following names:
|
||||
|
||||
cisco-root-ca.crt: the CA certificate,
|
||||
cisco-ca.crt: intermediate CA certificate
|
||||
cisco-ca.key: private key.
|
||||
|
||||
All files have to be in PEM format.
|
||||
|
||||
Now run the script
|
||||
|
||||
./mkcert_cisco.sh
|
||||
|
||||
witch creates two files:
|
||||
|
||||
ac_cisco.pem
|
||||
ac_cisco.key
|
||||
|
||||
When you get asked for a password, use always the same. The chosen
|
||||
password is not imported. You don't need it later.
|
||||
|
||||
Now you can modify ac.conf to use the certificate and and key:
|
||||
|
||||
ssl_key=../../ssl/ac_cisco.key
|
||||
ssl_cert=../../ssl/ac_cisco.pem
|
||||
|
||||
And a Cisco AP will now join AC-Tube without any modifications!
|
||||
|
||||
|
||||
|
||||
If you experience with other Cisco LAPs (e.g. 1141), please tell me.
|
||||
7u83@mail.ru.
|
||||
|
||||
Reference in New Issue
Block a user