Dev Vishwakarma
Cisco Employee

 

Introduction

This document describes how to generate a certificate signing request (CSR) with a 2048-bit key for certificate creation on NAC Guest Server.

 

Background

Nowadays most third-party certificate authorities issue certificates with a minimum 2048-bit key. This is true for all the major CAs across the globe. So we are concerned with how to create a certificate signing request on a NAC Guest Server with a 2048-bit key, which can be submitted to the third-party CA.

 

Configuration

Log in to the NAC Guest Server through SSH and follow these steps:

 

1. Create a 2048-bit key and a temporary certificate by issuing the following command:

 

openssl req -new -newkey rsa:2048 -nodes -x509 -days 365 \
  -keyout /etc/pki/tls/private/localhost.key \
  -out /etc/pki/tls/certs/localhost.crt

 

2. Run the following commands to copy the files and change their permissions for postgres:

 

cp /etc/pki/tls/certs/localhost.crt /var/lib/pgsql/data/server.crt

cp /etc/pki/tls/private/localhost.key /var/lib/pgsql/data/server.key

 

chmod 600 /var/lib/pgsql/data/server.crt

chmod 600 /var/lib/pgsql/data/server.key

 

chown postgres:postgres /var/lib/pgsql/data/server.crt

chown postgres:postgres /var/lib/pgsql/data/server.key

 

3. Now reboot the NAC Guest Server.

 

Once the steps mentioned above are followed, we can create a certificate signing request from the GUI of the NAC Guest Server:

 

4. Log in to the GUI and go to Admin > Server > SSL Settings > Create CSR. Fill in the additional fields, and ensure that 'regenerate private key' is unchecked.

5. Now download the CSR you just created.

 

Once you have the CSR, please submit it to the in-house CA or desired third-party CA for certificate issuance. The CA should send you the following:

          - A server certificate in PEM format

          - The root certificate of the CA in PEM format

          - (If applicable) The intermediate certificates of the CA in PEM format

 

Note: All the files must have the .pem extension. For the purposes of this post we will call these server.pem, root.pem and intermediate.pem.

 

6. Now go back to the NAC Guest Server through SSH and run the following command:

 

openssl x509 -in cert.der -inform DER -out cert.pem -outform PEM

 

7. Using sftp or scp, upload the intermediate and root certs to the "/etc/pki/tls/certs" location on the NAC Guest Server.

 

8. Now enter the following commands:

 

cd /etc/pki/tls/certs

 

chmod 666 *.pem

 

cp intermediate.pem localhost.chain.crt

 

cat root.pem >> localhost.chain.crt

 

9. Edit /etc/httpd/conf.d/ssl.conf using:

 

vi /etc/httpd/conf.d/ssl.conf

 

10. Find the line starting with #SSLCertificateChainFile, press "i" to get into insert mode, uncomment the line and change it to read:

 

SSLCertificateChainFile /etc/pki/tls/certs/localhost.chain.crt

 

:wq!  (To save and quit the vi editor)

 

11. In the administrator interface, upload the server cert ("Upload the Server's SSL Certificate" under Server -> SSL Settings).

 

12. Now recreate the cert layout and reboot the NAC Guest Server:

 

c_rehash

 

reboot
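
An added check for steps 4 to 6 (not part of the original post or of Cisco's documentation): before submitting the downloaded CSR, confirm that it carries a key of at least 2048 bits and matches the private key on the server, and once the CA responds, confirm that server.pem carries the same key. The function names and the script name are hypothetical, and the script assumes the openssl CLI is available where it runs.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Requires the openssl CLI.
# Usage: sh check_csr.sh <csr.pem> <private.key> [server.pem]

# Print the SHA-256 of the public key held in a key, CSR or certificate.
pubkey_fp() {   # $1 = key|csr|cert, $2 = PEM file
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1   # unreadable input must never compare equal
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Print the public key size, in bits, recorded in a CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if the CSR holds a key of >= 2048 bits that matches the key file.
check_csr() {   # $1 = CSR, $2 = private key
    bits=$(csr_key_bits "$1")
    if [ -z "$bits" ] || [ "$bits" -lt 2048 ]; then
        echo "CSR key size is ${bits:-unreadable}; need 2048 or more" >&2
        return 1
    fi
    if [ "$(pubkey_fp csr "$1")" != "$(pubkey_fp key "$2")" ]; then
        echo "CSR was not generated from $2" >&2
        return 1
    fi
}

# Succeed only if the issued certificate holds the same key as the key file.
check_cert() {  # $1 = certificate (PEM), $2 = private key
    fp=$(pubkey_fp cert "$1") || return 1
    [ "$fp" = "$(pubkey_fp key "$2")" ]
}

if [ "$#" -ge 2 ]; then
    check_csr "$1" "$2" || exit 1
    echo "CSR OK: $(csr_key_bits "$1")-bit key matches $2"
    [ -z "$3" ] || check_cert "$3" "$2" || { echo "certificate does not match $2" >&2; exit 1; }
fi
```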

 

Reference

You can refer to the NAC Guest Server Configuration Guides for more details.

Comments
anil_ccieDC
Level 1

Hi Dev

 

Creating a new key and temp crt won't influence the existing certificate, right?

Jameskyc
Level 1

Hi Dev,

 

      If I already successfully generated the certificate one time.. and will be generating a new certificate again.. do I still need to perform steps 1 to 3 or can I skip this?
