I have a Cisco WAP371 running firmware 1.3.0.4 and I want to import the certificate into Windows 10 so that I can manage the AP without getting constant certificate errors.

I generated a new certificate after upgrading the firmware to 1.3.0.4. On the Administration > HTTP/HTTPS Service page, I downloaded the certificate, which creates a mini_httpd.pem file. Windows does not know what to do with a .pem file; trying to open it in the Certificates management console Certificate Import Wizard gets the error “The file type is not recognizable. Select another file.”

I tried changing the .pem extension to .cer. Windows recognizes the file type as a certificate, but the import wizard gets the same error. I opened the .pem file in a text editor and it looks like it is a key and certificate; it starts with -----BEGIN PRIVATE KEY----- and has -----END PRIVATE KEY----- ----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

I edited the file to remove the tags -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- and everything in between, and then saved it as a .cer file. The certificate imported to computer account Trusted Root Certification Authorities OK.

But, web browsers still do not trust this certificate. Browser reported: “The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported.” The certificate lists the issuer as C=US, S=California, L=San Jose, OU=Cisco, CN=<IP address of WAP>. It is a self-signed certificate and the certificate has been installed to the Trusted Root Certification Authorities. There seems still to be something wrong with the certificate.

How do I get a Windows 10 computer to trust the certificate for the WAP371?