cancel
Showing results for 
Search instead for 
Did you mean: 

Certificate for IC

SOLVED
ucup_
Occasional Contributor

Certificate for IC

Hi Folks

understand we can use self sign certficate for IE and IC connection and also for user to IC connection. btw how about if i want to use trusted Certificate, what type certificate that i need to buy and what is the procedure. is it like this below?

1. generate CSR

2. submit CSR to CA

3. import the sign certificate from CA

understand from admin guide we need to import .pem cert to Infranet Enforcer, do i will get .pem also when we buy trusted certificate? the objective is we want to ignoring warning message when we connect to IC

thanks

1 ACCEPTED SOLUTION

Accepted Solutions
ELKIM_
Occasional Contributor

Re: Certificate for IC

Hi Ucup

You need 2 certificate:

1. Server Certificate

- create CSR

- send CSR to Cetificate Authority and let them to sign your cert

- import the CA signed certificate to your IC

2. CA Certificate

- Ask CA cert to your Certificate Authority

- import CA cert (root cert) into your Infranet Enforcer

thanks

EL

View solution in original post

8 REPLIES 8
Stanislas P_
Contributor

Re: Certificate for IC

Hi,

For IC, you can create a internal certificate ( Microsoft Certificate authority, Openssl, ...) to sign the CSR generated on the IC. the procedure to create this certificate with openssl is described on the admin Guide.

To ignore warning message, you can use one of following methods:

- add the CA certificate as trusted certificate authority in the AD GPO. (to ignore message when using captive portal with IE)

- Add the CA Certificate as trusted Certificate in OAC Configuration before generating pr_-configured OAC installer. this certificate will be included in the OAC intaller.

Stanislas

ucup_
Occasional Contributor

Re: Certificate for IC

Hi Stanislas

thanks for your update.

sorry i dont really understand if using trusted cert, because normally, i am using self sign. if im using self sign, i just generate CSR from IC box and then use OpenSSL to sign my cert and the after that i import the sign cert to IC.

for IE and IC connection also need certificate, and i must import .pem cert into IE. but this way user will got warning message since the cert only self sign. so let say i want to avoid warning message what i must do?

1. Create CSR from IC

2. send CSR to CA

3. Import cert from CA

Do CA will give .pem cert also for IE?

Thanks


Ucup

Stanislas P_
Contributor

Re: Certificate for IC

Hi,

What is your authentication method? OAC, Junos Pulse, Captive portal?

The certificate signed by Openssl is used for IE connection and for User access.

Add the Openssl CA cert (same as you added to the IE) as trusted CA in Windows (for OAC, Junos Pulse or Captive portal with Internet Explorer or Chrome) or Firefox (for Captive portal with Firefox)

Stanislas

ucup_
Occasional Contributor

Re: Certificate for IC

Hi

I am using capative portal (agentless). we want to use trusted cert, so why we need to add CA cert on the browser?

my doubt is when we send our CSR to CA, do they will give as .pem and .crt cert like i normally use when generate self sign certificate as per admin guide.

Please let me know the procedure, if i want to use the trusted certificate. i little bit difficult to understand using trusted certificate because i cannot playing around in my lab since we have to buy the trusted cert from CA.

thanks

Ucup

Stanislas P_
Contributor

Re: Certificate for IC

Hi,

What do you mean by "trusted CA"?

a trusted is a CA you trust. you can use different trusted CA:

- Public CA as Verisign, Thawte, ...

- Private CA you need to add as trusted CA in your PC! (in AD GPO ou manually on IE / Windows)

Regards,

Stanislas

ucup_
Occasional Contributor

Re: Certificate for IC

Hi Stanislas

I m reffering to public CA, but my concern if we use public CA, what certificate that we need to import on IE? on self sign i import .pem cert.

Thanks

Ucup

Stanislas P_
Contributor

Re: Certificate for IC

You will need to import the Public CA certificate which signed your certificate and all the certification tree of this CA!

Stanislas

ELKIM_
Occasional Contributor

Re: Certificate for IC

Hi Ucup

You need 2 certificate:

1. Server Certificate

- create CSR

- send CSR to Cetificate Authority and let them to sign your cert

- import the CA signed certificate to your IC

2. CA Certificate

- Ask CA cert to your Certificate Authority

- import CA cert (root cert) into your Infranet Enforcer

thanks

EL