Requesting Certificate from a Third-Party CA

In order to provide trusted network security services to wireless clients, ClearBox Server must be able to cryptographically identify itself to clients. To prove its identity to clients, it sends them its digital certificate during the client login procedure. This certificate may be issued by creating your own certificate authority, but if you have already a CA in your organization (like Active Directory Certificate Authority) or want to purchase it from some trusted third-party CA, Certificate Wizard helps you in creating a certificate signing request which is sent to the CA.

In brief, the process goes as following: Certificate Wizard creates two files, a private key (you should store it) and a request containing desired certificate properties and a public key. This request is sent to an appropriate CA. The CA attests your and the server identity, creates your server certificate, signs it and passes back to you. After that Certificates Wizard merges the new certificate and the stored private key and install them as the RADIUS server certificate.

Run Certificates Wizard and select the second option:

Click Next and define server names for the server certificate:

Select the server certificate validity time span. When expired, the certificate should be re-issued or renewed.

Define the password which encrypts the private key. You will be prompted to input this password later on when the new certificate is be received from a CA,

Click Next. Fill in the fields which describe the location of ClearBox Server:

Click Next. You are asked where two files should be saved: the first is the request you have to send to a CA, the second is the private key file you should store for a while:

Click Next. After some time depending on the server machine performance you'll be shown the success message:

Now the certificate signing request is created and ready for passing to a CA.

You may read step-by-step example of issuing a certificate in Active Directory CA here.

After the CA creates the new certificate and signs it, you may proceed with installing it.

Run the wizard and select the third step:

Click Next and specify the location of two files: the first is the new certificate received from the CA (in DER- or Base-64 encoded PEM format), the second is the private key you have stored earlier. Besides, input the private key password:

The default and recommended behavior is to delete temporary files, as they are not needed any longer.

Click Next. The necessary RADIUS server certificate is installed and ready for use. The last step is to select the server certificate in Configurator. Run it, select 'TLS Settings' in the left tree. Click 'Select Certificate...':

Select the created certificate from the list and click OK:

Click 'Apply Changes', click 'Save' on the toolbar and restart ClearBox service.