WiDirect Command Line SSL Configuration
Generate Key and CSR
Log in to the WiDirect over SSH using the username portal.
First you will create the key file, and then the certificate signing request from that key file. The instructions below use wifi.mydomain.com. Change that entry to be your desired domain name.
First generate the key file:
su -
cd /home/portal/
openssl genrsa -out wifi.mydomain.com.key 2048
openssl req -new -key wifi.mydomain.com.key -out wifi.mydomain.com.csr
Answer all the questions when prompted. It is important when asked for the "Common Name" that you enter the exact domain you will be using for your WiDirect. Depending on the level of certificate you are requesting, some of the other information may need to match the domain's information as well.
A self-signed certificate may be generated if you would like to use the new key immediately, before getting the certificate from a 3rd party. If you would like to wait to install the certificate until the process is complete, this step may be skipped. To self-sign the key, the following command may be used:
openssl req -new -x509 -nodes -sha256 -days 365 -key wifi.mydomain.com.key > wifi.mydomain.com.crt
To get a certificate from a 3rd party you will need to copy the CSR file from the WiDirect. You can view the CSR file with the following command:
The entire contents of that file should be sent to your SSL provider, including the lines with BEGIN and END.
The file can also be downloaded from the WiDirect using a secure FTP program, such as FileZilla. When using FileZilla, be sure to add a new site in the Site Manager, and set the protocol to "SFTP - SSH File Transfer Protocol." The Logon Type will be "Normal" and the other details will be the standard SSH login information for the WiDirect.
Once you get the certificate, copy it using FileZilla to the portal directory.
Move the certificate to the proper place:
su -
cd /home/portal/
mv wifi.mydomain.com.crt /etc/pki/tls/certs/wifi.mydomain.com.crt
Move the key:
mv wifi.mydomain.com.key /etc/pki/tls/private/wifi.mydomain.com.key
Sometimes you may also be given a bundle file. If so, move that as well:
mv gd_bundle.crt /etc/pki/tls/certs
You need to modify the SSL configuration file to use the bundle file if given one:
Look for the three lines below in the file. They will be separated by comments.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
Change those lines as shown below. If a bundle file was provided, remove the leading # from the third line so that it takes effect; the third line can be left alone if no bundle file was provided.
SSLCertificateFile /etc/pki/tls/certs/wifi.mydomain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/wifi.mydomain.com.key
SSLCACertificateFile /etc/pki/tls/certs/gd_bundle.crt
Then type "service httpd restart" to restart the web service. If there are any errors it is critical that they be fixed.
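The certificate and key can be checked before that restart with a script such as the following, which is an added example and not part of the original WiDirect instructions. It confirms that the certificate matches the private key, that the Common Name is the expected domain, that the certificate has not expired, and that the key is not accessible to group or others. The function name check_pair is hypothetical, and the script assumes the same openssl command-line tool used in the earlier steps.

```shell
#!/bin/sh
# Added example (not WiDirect code): sanity-check a certificate/key pair.
# check_pair CERT KEY DOMAIN  -> returns 0 only if every check passes.
check_pair() {
    cert=$1; key=$2; domain=$3; rc=0
    fail() { echo "FAIL: $1" >&2; rc=1; }

    # Both files must parse, otherwise the comparisons below mean nothing.
    openssl x509 -in "$cert" -noout 2>/dev/null || { fail "cannot parse $cert"; return 1; }
    openssl rsa -in "$key" -check -noout >/dev/null 2>&1 || { fail "invalid RSA key $key"; return 1; }

    # The certificate must carry the public half of this key. Digests of the
    # RSA modulus are compared so that no key material is printed.
    cert_mod=$(openssl x509 -in "$cert" -noout -modulus | openssl sha256)
    key_mod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null | openssl sha256)
    [ "$cert_mod" = "$key_mod" ] || fail "certificate does not match key"

    # The Common Name must be exactly the domain used for the WiDirect.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= //p')
    [ "$cn" = "$domain" ] || fail "Common Name is '$cn', expected '$domain'"

    # An expired certificate is rejected (-checkend 0 means "valid right now").
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || fail "certificate has expired"

    # The private key must not be accessible to group or others (mode 600 or 400).
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || fail "$key is accessible to group/other"

    return $rc
}

# Run the checks when the script is called with CERT KEY DOMAIN.
if [ "$#" -eq 3 ]; then check_pair "$@"; fi
```

Run it as root with the installed paths, for example with /etc/pki/tls/certs/wifi.mydomain.com.crt, /etc/pki/tls/private/wifi.mydomain.com.key and wifi.mydomain.com as the three arguments.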
Preferences Page Changes
On the Preferences page on the WiDirect, be sure to update the "Validation Public Web IP" option to be the domain you purchased the SSL certificate for. This entry will be used when the user needs to be redirected to a secure URL.