Before Installing a Certificate

Before you create and install a certificate:

  1. Select a certificate format to install. The controller supports several types of certificates, as shown in Supported Certificate and CA Formats.
    Click to expand in new window

    Supported Certificate and CA Formats

    Certificate Format Description
    PKCS#12 The PKCS#12 certificate (.pfx) file contains both a certificate and the corresponding private key.

    The controller will accept the PKCS#12 file as long as the format of the private key and certificate are valid.

    PEM/DER The PEM/DER certificate (.crt) file requires a separate PEM/DER private key (.key) file. The controller uses OpenSSL PKCS12 command to convert the .crt and .key files into a single .pfx PKCS#12 certificate file.

    The controller will accept the PEM/DER file as long as the format of the private key and certificate are valid.

    PEM-formatted CA public certificate file If you choose to install this optional certificate, you must do so when specifying the PCKCS#12 or PEM/DER certificates.
    Note

    Note

    When generating the PKCS#12 certificate file or PEM/DER certificate and key files, you must ensure that the interface identified in the certificate corresponds to the controller‘s interface for which the certificate is being installed.
  2. Understand how the controller monitors the expiration date of installed certificates.

    The controller generates an entry in the events information log as the certificate expiry date approaches, based on the following schedule: 15, 8, 4, 2, and 1 day prior to expiration. The log messages cease when the certificate expires. For more information, refer to the Extreme Networks ExtremeWireless Maintenance Guide.

  3. Understand how the controller manages certificates during upgrades and migrations.

    Installed certificates will be backed up and restored with the controller configuration data. Installed certificates will also be migrated during an upgrade and during a migration.