Background:

 

This post introduces the configuration steps for the HTTPS certificate with Omada Controller.

 

This Article Applies to:

 

Omada SDN software and hardware controllers.

 

Application Scenario:

 

When logging into the Omada Software Controller using a browser and entering the domain name “localhost:8043” (or the login domain name you assigned to the controller), you will receive the following “untrusted certificate” error message:

To eliminate the "untrusted certificate" error message in the login process, import the corresponding SSL certificate and private key issued by the certificate authority.

 

 

Configuration Steps:

 

Step 1. Import HTTPS Certificate File

1. Launch the  Omada SDN controller, choose Global View, go to Settings > System Settings > HTTPS Certificate.

 

2. Choose File Format according to your HTTPS certificate and Import.

There are three options for File Format, JKS (default option), PFX and PEM:

• JKS: With this file format selection, it is required to upload an SSL certificate file with a .jks extension. Enter the Keystore Password if your SSL certificate has. Otherwise, leave it blank. 

 

• PFX:  With this file format selection, it is required to upload an SSL certificate file with a .pfx extension. Enter the Private Key Password if your SSL certificate has. Otherwise, leave it blank. 

 

• PEM:  With this file format selection, it is required to upload an SSL certificate file with a .pem extension and SSL Key file.

 

In this example, we choose PEM as the File Format.

 

3. After completing the upload of the corresponding file, you can see the name of the uploaded file. You can also delete and re-upload files.

 

4. Fill in other required entries, scroll to the bottom of the page, and click Save. The configuration will take effect after restarting the controller.

 

Step 2. Add Hosts Hijacking Entries and Flush DNS Resolution Cache

 

1. The hosts file is usually stored in a folder with the path "C:\Windows\System32\drivers\etc.”. Open the hosts file with Notepad, and add the hijacked entry:

“192.168. 7.21 tpwx.xxx”.  Save the file.

 

The former part is the domain name of the controller; the latter is the domain name of your HTTPS certificate.

In this example, the domain name of the Controller is “192.168.7.21” and the domain name of the HTTPS certificate is “tpwx.xxx”. 

 

2. Open the terminal, and enter the command “ ipconfig /flushdns “to flush the DNS resolution cache:

 

Verification:

 

Restart the controller (if your Controller was restarted after configuring Step 1, you don't need to restart it again), and enter the domain name “https://HTTPS certificate domain name:Controller port” in the address bar of the browser. In this example, the HTTPS certificate corresponds to the domain name “ tpwx.xxx ‘ and the controller corresponds to the port number  8043, so the domain name would be ’https://tpwx. xxx:8043 “:

 

We have successfully accessed the controller login page via the HTTPS certificate domain name, and there is no "untrusted certificate" error message.

 

 

Feedback:

 

• If this was helpful, welcome to give us Kudos by clicking the upward triangle below.
• If there is anything unclear in this solution post, please feel free to comment below.

 

Thank you in advance for your valuable feedback!

 

------------------------------------------------------------------------------------------------

Have other off-topic issues to report? 

Welcome to > Start a New Thread < and elaborate on the issue for assistance.