Eap-Tls Configuration With The Summit Wm Controller As Pass-Through; Bulk Eap-Tls Configuration - Extreme Networks Summit WM Technical Reference Manual

NOTE
In proxy mode there is a possibility of a mismatch between the private key created with the CSR and the
certificate returned from the CA. The Summit WM Controller retains the private key that was created together
with the CSR. If a new CSR is created by clicking Generate Certificate Signing Request before the certificate is
returned from the CA, a new certificate is required because the old private key is overwritten with the new key.
EAP-TLS configuration with the Summit WM Controller as pass-
through
In pass-through mode, the certificate and the private key are generated on the CA and exported as
PKCS#12 (.pfx) file. Do the following:
1 On the 802.1X tab, navigate to the .pfx file under the EAP-TLS section. Confirm that file was
exported in PFX format.
2 Type the password (since most of the .pfx files are password protected).
3 To easily match .pfx files to an AP on the Summit WM Controller, export the certificates and private
key from the CA to a file with AP serial name.
4 Save the configuration. The certificate status window displays the results of the configuration push
to the AP. The AP may reject the configuration for one of the reasons described in
credentials from the Summit WM Controller to AP" on page

Bulk EAP-TLS configuration

Bulk Configuration provides configuration of multiple APs simultaneously. When creating a bulk CSR,
the Summit WM Controller creates a collection of .csr files (one for each AP) packed in a .tar file. Each
.csr file is named according to the corresponding AP serial number. The distinguished name information
(country, location, etc) used in the CSR are the same for all APs selected — only the common name is
unique. The common name can be AP MAC address, AP name, or serial number.
To install certificates in proxy mode, the following occurs:
Exported .cer files from the CA are packed in a zip file and loaded on the Summit WM Controller.
●
When uploading the .zip file, APs are required to be selected.
●
The Summit WM Controller matches the .cer files from the zip with the AP, based on the serial
●
number. If a .cer file name does not match any AP serial number, the Summit WM Controller looks
into the certificate and uses the common name to match the AP.
Save the configuration. The certificate status window displays the results of the configuration push
●
to the AP. The AP may reject the configuration for one of the reasons described in
credentials from the Summit WM Controller to AP" on page
To install certificates and private key in pass-through mode, the following occurs:
Exported .pfx files from the CA are packed in a zip file and loaded on the Summit WM Controller.
●
When uploading the .zip file, APs are required to be selected.
●
The Summit WM Controller matches the .pfx files from the zip with the AP, based on the serial
●
number. If a .pfx file name does not match any AP serial number, the Summit WM Controller looks
into the certificate and uses the common name to match the AP.
The password for all .pfx files should be identical.
●
Summit WM Technical Reference Guide, Software Version 5.1
"Transferring
104.
"Transferring
104.
111