Got it
Huawei Enterprise Support Community
Community Forums WLAN
Changing the default SSL ...

Changing the default SSL certificate on AC6005

Latest reply: Nov 7, 2021 10:53:47 3815 6 2 0 0
View the author 1#

Hi there, Community!


This post enquires about changing the default SSL certificate on AC6005. Please see below for more details.


Huawei AC6005


ISSUE DESCRIPTION


The customer needs to change the defaut SSL certificate installed on an AC6005 by using the new CA from local CA. How to do it?


Thanks for assisting me with changing the default SSL certificate on AC6005!

Like (2) Dislike (0) Favorite(0) Share Report
Previous: View the wifi code.
Next: What is RSSI? and what does it mean for a Wi-Fi network?
(0) (0)
2#
gululu
Created May 31, 2017 00:58:40

@网络管理员Lemon please help
View more
  • x
  • convention:
(1) (0)
3#
Ws1plzbf
Created May 31, 2017 06:02:53

Dear, please check the product document , there is one example for Importing Certificates Manually
http://support.huawei.com/ehedex/hdx.do?docid=DOC1000088060&lang=en&clientWidth=1350&browseTime=1496210132225
or you can call the TAC directly to get help,thank you!
View more

Rating

Number of participants 1E-coins +5 Experience +1 Collapse Reasons
user_2790689 user_2790689 + 5
user_2790689 user_2790689 + 1

View All scores

  • x
  • convention:

hpl_Panda
hpl_Panda Created Nov 7, 2021 11:51:10 (0) (0)
 
(2) (0)
4#
sertan_akyuz
Created Jun 14, 2017 12:31:02

Hi,

That documentation is not really enough. First of all you need to clear most of the ssl config. Following config might be useful.

Commands might give some errors. You should read them and disable/remove whatever is blocking your undo.

pki rsa local-key-pair create cli_rsa exportable

pki export rsa-key-pair cli_rsa pem cli_rsa.pem password PASSWORD

ftp
open FTP.SRV.IP.ADD
put cli_rsa.pem

pki entity cli_entity
country TR
state Ankara
organization CLIGURU
organization-unit CLIGURU
common-name wifi.cliguru.com

pki realm cli_realm
entity cli_entity
rsa local-key-pair cli_rsa

pki enroll-certificate realm cli_realm pkcs10 filename cli_cer_req

ftp
open FTP.SRV.IP.ADD
put cli_cer_req

After CA signed your certificate with you CSR and sent it to you with all CA chain, put all certificates to AC again.

pki import-certificate local realm cli_realm pem filename wifi_cliguru_com.pem replace
pki import-certificate ca realm cli_realm pem filename COMODORSADomainValidationSecureServerCA.pem replace
pki import-certificate ca realm cli_realm pem filename COMODORSAAddTrustCA.pem replace
pki import-certificate ca realm cli_realm pem filename AddTrustExternalCARoot.pem replace

ssl policy cli_ssl type server
ciphersuite rsa_aes_128_cbc_sha rsa_aes_256_sha256 rsa_aes_128_sha256
version tls1.0 tls1.1 tls1.2
pki-realm cli_realm

http secure-server ssl-policy cli_ssl
http secure-server enable

portal local-server ip PORTAL.INTERFACE.IP.ADDRESS
portal local-server load flash:/portalpage.zip
portal local-server url wifi.cliguru.com
portal local-server https ssl-policy cli_ssl port PORT

portal-access-profile name portal_access_profile
portal local-server enable

authentication-profile name portal_authen_profile
portal-access-profile portal_access_profile

authentication-profile name CLIGURU-GUEST
portal-access-profile portal_access_profile

undo http secure-server ssl-policy
authentication-profile name CLIGURU-GUEST
undo portal-access-profile
portal-access-profile name CLIGURU-GUEST
undo portal local-server enable
View more
  • x
  • convention:

user_4411447
user_4411447 Created Nov 7, 2021 11:50:34 (0) (0)
 
(0) (0)
5#
Rob65
Created Nov 7, 2021 10:53:47

Really difficult
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.