Monthly Archives: April 2022

Use LetsEncrypt to Generate a Wildcard Certificate

Create a CPPM server certificate for captive portal.

First, generate a wildcard via certbot:

In Ubuntu, execute following:

sudo apt update 
sudo apt install letsencrypt

sudo certbot certonly --manual --preferred-challenges dns --server

Before you convert your certificates into a p12 file format, download the PEM files for a different RSA CA trust chain for your public and private key. I used ISRG Root X1, found =>

On the same page, download the corresponding Lets Encrypt R3 intermediate certificate to complete the trust chain.

Combine the root and intermediate certificates to create the new chain in text editor: intermediate first, root last.

Using the new chain file, run the following openssl command

openssl pkcs12 -export -out keycert.p12 -inkey privkey.pem -in cert.pem -certfile new-chain.pem

The p12 file should work for a RSA server certificate.

To create the a server certificate accepted by a Aruba IAP, you’ll need to manually combine the PEM files in a text editor. IAPs do not accept .p12 files, but do accept PEM. Order is the following:

  1. server [cert.pem]
  2. chain [intermediate, CA]
  3. private key