Create a CPPM server certificate for captive portal.
First, generate a wildcard certificate via certbot.
On Ubuntu, run the following:
sudo apt update
sudo apt install letsencrypt
sudo certbot certonly --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
Before you convert your certificates into the p12 file format, download the PEM files for a different RSA CA trust chain for your public and private key. I used ISRG Root X1, found at https://letsencrypt.org/certificates/
On the same page, download the corresponding Let's Encrypt R3 intermediate certificate to complete the trust chain.
Combine the root and intermediate certificates in a text editor to create the new chain: intermediate first, root last.
Using the new chain file, run the following openssl command:
openssl pkcs12 -export -out keycert.p12 -inkey privkey.pem -in cert.pem -certfile new-chain.pem
The p12 file should work for an RSA server certificate.
To create a server certificate accepted by an Aruba IAP, you’ll need to manually combine the PEM files in a text editor. IAPs do not accept .p12 files, but do accept PEM. The order is as follows:
- server [cert.pem]
- chain [intermediate, CA]
- private key
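
The two combining steps above (the new chain, then the IAP bundle) can also be scripted, which avoids the usual text-editor faults: a missing final newline that fuses two PEM blocks, Windows line endings, or the wrong block order. This is an added example, not part of the original procedure; intermediate.pem, root.pem and iap.pem are assumed file names, while cert.pem and privkey.pem are the names used above.

```bash
#!/bin/sh
# Added example. cert.pem and privkey.pem are the names used in the text;
# intermediate.pem and root.pem are assumed names for the downloaded CA files.

# Print a PEM file with CRs and blank lines removed and a guaranteed final
# newline, so an END line never fuses with the next BEGIN line.
pem_clean() { tr -d '\r' < "$1" | awk 'NF'; }

# List the type of each PEM block in a file, in order, one per line.
pem_labels() { pem_clean "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p'; }

# Chain for the p12 export: intermediate first, root last.
build_chain() {  # build_chain intermediate.pem root.pem new-chain.pem
  { pem_clean "$1"; pem_clean "$2"; } > "$3"
}

# IAP bundle: server cert, then chain, then private key.
build_iap_pem() {  # build_iap_pem cert.pem new-chain.pem privkey.pem iap.pem
  if [ "$(pem_labels "$1")" != "CERTIFICATE" ]; then
    echo "$1: expected exactly one CERTIFICATE block" >&2; return 1
  fi
  if [ -z "$(pem_labels "$2")" ] || pem_labels "$2" | grep -qv '^CERTIFICATE$'; then
    echo "$2: chain must contain only CERTIFICATE blocks" >&2; return 1
  fi
  case "$(pem_labels "$3")" in
    "PRIVATE KEY"|"RSA PRIVATE KEY"|"EC PRIVATE KEY") ;;
    *) echo "$3: expected exactly one private key block" >&2; return 1 ;;
  esac
  # The bundle contains the private key: create it readable by the owner only.
  ( umask 077; { pem_clean "$1"; pem_clean "$2"; pem_clean "$3"; } > "$4" )
}

# True only if the certificate and private key carry the same public key.
key_matches_cert() {  # key_matches_cert cert.pem privkey.pem
  _c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  _k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$_c" ] && [ "$_c" = "$_k" ]
}

# Usage (run in the directory holding the four files):
#   build_chain intermediate.pem root.pem new-chain.pem
#   key_matches_cert cert.pem privkey.pem && \
#     build_iap_pem cert.pem new-chain.pem privkey.pem iap.pem
```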