![]() Installing the certificate in PKCS12 format manually into the keystore is just a matter of seconds. ![]() the keystore in it, at least until this bug in the web UI of accepting only JKS format will have been fixed by TP-Link.įor OC200 HW Controller, unfortunately this is no option. The only difference to use the PKCS12 format would be to not use the web UI for uploading, but to copy the file to the Omada SDN Controller home directory resp. There is nothing wrong to use this fine software to convert and manage certs. I just wanted to point out that using JKS format is deprecated for 6 years now and since you had to create a PKCS12 anyway with Keystore Explorer, you could have even saved one step in the conversion process. Pretty easy.īut you are absolutely right that any certificate manager can be used for those who prefer a graphical UI. And I just have to install the RootCA cert in a bowser's keychain once, not dozens of individual certificates for each host/service. By using a wildcard certificate with a subnet IP as SAN I can create and sign a single certificate for all local hostnames as well as for all local IPs of devices in my LAN, be it a router, a switch, a server or a service. So I convert the resulting certs into other formats also with openssl.įor systems in my LAN I do not buy certificates, but use self-signed certificates under my own Certificate Authority. I prefer the openssl method b/c of several reasons, the most important one is that for certificates signed by a public or a private CA I have to generate a CSR using openssl anyway. It's just the SDN Controller's web UI which does not allow uploading PKCS12. So, Omada SDN Controller does indeed accept PKCS12, which is no surprise because PKCS12 is supported by any JDK since JDK 8 released in 2014. Old ones will still be supported in the future by the JDKs, but new cryptographic algorithms might not be supported at all, so the conversion of SSL certs to PKCS12 is just a matter of time when new cryptographic algorithms are used for the certs.Īnyway, the method to install a PKCS12 cert by manually copying it to the keystore still works fine with SDN Controller. ![]() Why is it bad? Because JKS certificates are based on an old, proprietary format (outdated since 2014), that is not easily extensible to new cryptographic algorithms. Yes, as I wrote I didn't try uploading the cert through the web UI, but I checked: it indeed accepts only JKS format, which is bad. Thanks and hope that it's clear for everyone p12ĥ- file > save as - save it as a JKS file and enter the same password for the key pairĦ- lunch Omada and make sure that you delete the jetty.jks file.ħ- login to Omada comtroller then setting > Controller - then upload the JKS certificate we made and put the password then everything will be fine Note: windows CA creats PFX file, just rename the extention to. to fix it you have to go the Omada directory C:\Users\YOURNAME\Omada Controller\data\cer then you will find a file called jetty.jks delete this file a creat a new JKS certificate through KeyStore Explorer SoftwareĢ- tools > Generate key pair - RSA 4,096 - edit name - write down all information needed CN=(omada's FQDN)Ĥ- tools > import trusted certificate - you have to add the p12 file created by your CA So, If you upload a wrong certificate through the web interface, the web interface won't be lunched or working as I received an error message. First of all Omada ONLY supports JKS certificate files and no more files supported.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |