Self-Help Knowledge
Base Articles

 

Certificates - Requirements and Troubleshooting (AirCheck G2)

  Print
 
 
Views: 0
 

Supported Certificate File Types:
 
File Extensions: .pem, .crt, .cer
These are the most common formats that Certificate Authorities issue certificates in.  It contains the ‘—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” statements. Governed by RFCs, defined in RFC's 1421 through 1424.

  • They are Base64 encoded ASCII files
  • They have extensions such as. (.pem, .crt, .cer)


Sometimes the private key is provided in a separate file. AirCheck Manager Software does not have a mechanism to combine the private key with the client certificate. You may be able to simply concatenate the text of the private key onto the client certificate in a text editor.

File Extensions: .pfx, .p12
Originally defined by RSA in the Public-Key Cryptography Standards, the "12" variant was enhanced by Microsoft. If you want to store both the public and private key in an encrypted contained then you should use the .pfx. and .p12 formats.

  • They are Binary format files
  • They have extensions (.pfx, .p12).
  • Typically used on Windows OS to import and export certificates and Private keys 


Certificate Requirements:
When importing a certificate to the tester the certificate must be formed with the following requirements:

  • The certificate must contain the private key.
  • It must not be a self-signed certificate. (That is not signed by itself)
  • The private key must be marked as “exportable” if exported from the Windows certificate store.
  • The certificate chain may contain at a maximum one user certificate plus up to 5 chained CA certificates.
  • The certificate or key must be one of the following discrete sizes: 512, 768, 1024, 1280, 1536, 1792, 2048, 4096 bits.


Most Common issues:

  1. Missing Private Key or Client Certificate
  2. Missing and/or incorrect password
  3. The certificate does not meet the requirements above
  4. Incorrect format(s)
  5. Some Radius Servers do not like spaces in the common name field and will fail authentication.
  6. Certificates that have an empty "x509v3 Key Usage" field in the "x509v3 Extensions" section of the certificate. It should have entries like "Digital Signature" or "Key Encipherment" as the Key Usage field.
  7. AirCheck G2 will use “expired” certificates without checking the date.