The 3Com® wireless LAN Managed Access Point (MAP) 3850 delivers secure, voice-ready reliable connectivity for WLAN users.
An integral component of the 3Com Wireless LAN Mobility System, the 3Com MAP 3850 with intelligent switching offers both centralized and distributed data forwarding, with the MAP automatically determining the best alternative based on the requirements of the underlying application. This allows it to support the most demanding wireless applications indoors and outdoors, including Voice over Wi-Fi.
This article will take you through
- 3 Com Wireless LAN CSR Generation
- 3 Com Wireless LAN SSL Installation
1. 3 Com Wireless LAN CSR Generation
Before generating a Certificate Signing Request (CSR) for your 3Com Wireless LAN Switch and Controller, you must create the private key from which your CSR will be generated.
- Run the following command
WX1200#crypto generate key web 2048This will create a 2048 bit private key.In the above example, “web” represents a certificate for web access so users can use a web page to log onto an unencrypted SSID. To create a certificate for “eap” (802.1X access for network users who can access SSIDs encrypted by WEP or WPA, or users connecting with wired authentication ports) or “admin” access (through your 3Com Wireless Switch Manager or Web Manager), use those aliases in place of “web.” - Run the following command to create a CSR for certificate signing.
crypto generate request webYou will want to use the same option (admin, eap, or web) as it was used in creating the key, depending on the function for which your certificate is being generated. Once the CSR is generated, you have to share the same with CA for generating the certificate.A prompt will ask you for the following details:- Country Name: Example IN is for India.
- State Name: Example TN is for Tamilnadu.
- Organizational Name: You should give the proper organization name as mentioned in legal docs.
- Organizational Unit: Example IT
- Common Name: www.example.com (the FQDN by which you will connect to your device, can also be an internal name)
- Email Address: any official email address
- Unstructured Name: Leave it blank or type NA
After giving all these details, you will be provided with a CSR in text format file that has to be provided for the certificate generation process.
2. 3 Com Wireless LAN SSL Installation:
- Once you have received your certificate files back from DigiCert, you will need to install them to the same key from which they were generated.
- crypto certificate web
- Once again, if you did not use “web” when creating your CSR and key, you will not use “web” here, instead use “eap” or “admin.”
- Next, using a text editor, open the your_domain.crt file you received from DigiCert and copy/paste the entire body of that file (including the Begin and End Certificate lines) into the CLI.
- Your certificate should now be installed. Before it will work correctly, you will need to install the DigiCertCA.crt file that should have been sent to you along with your your_domain.crt file.
Note:If you did not receive this file, you can download it from inside your account (this is called your Intermediate Certificate file).- Run the following at the command line:
- crypto ca-certificate web
- One last time, you will substitute “web” for “eap” or “admin” if that is what you have been doing.
- Run the following at the command line:
- You will be prompted to enter the text of the certificate. Once again you will open your file with a text editor and paste the entire body of that file into the provided prompt.
The 3Com Wireless LAN Switch will not allow for the installing of multiple intermediate certificate files. If you were provided with multiple intermediate certificates, this is usually for additional ubiquity purposes and should not impact your clients or connection issues in almost all cases. Although, ideally installing all the intermediate files would not be possible, and fortunately, it is not required.
We hope this article helped you with this easy process. If you are unable to use these instructions, Acmetek recommends that you contact either the vendor of your software or the hosting organization that supports it.