Community Member

5508 Wireless

 

On the 5508 controller there seem to be a lot of certificates that can be installed.  Is there an up-to-date article that covers all of them?

 

commands->download file to controller   (vendor CA certificate)
                                                                 (vendor device certificate)   MUST BE IN PEM format

management->http-https:  (X) ssl     cert   

security->web auth->   (x) ssl cert      

 

 

When using OpenSSL 9.8h it seemed like the only way I could create the request file was to not have a password (I was receiving a memory alloc error when a password was specified).

 

req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem -config c:\openssl\share\openssl.cnf      

                          REM   creates the  mykey.pem and myreq.pem files

combine the certs together in a file called all-certs.pem

order is
device
intermediate
root

openssl>pkcs12 -export -in All-certs.pem -inkey mykey.pem -out All-certs.p12 -clcerts -passin pass:check123 -passout pass:check123
openssl>pkcs12 -in All-certs.p12 -out final-cert.pem -passin pass:check123 -passout pass:check123


output--->      MAC verified OK


download (ssl)      final-cert.pem  to controller

 

 

 

1 REPLY
Cisco Employee


Hi,

I am not sure of the article, but their use is straightforward.

commands->download file to controller   (vendor CA certificate)
                                                                 (vendor device certificate)   MUST BE IN PEM format

Here device certificate and server certificate can be uploaded. The use case is EAP-TLS support when the WLC is acting like a RADIUS server. It needs to present its certificate and also validate the client certificate when they present the same. So it needs two certificates.

 

management->http-https:  (X) ssl     cert   

Here it just needs to present the certificate so that your browser doesn't give the warning. Go to Management > https to upload the certificate for this purpose.

security->web auth->   (x) ssl cert

This certificate would be presented during web-auth when the internal web server of the WLC is hit and you don't want a warning because of that in your browser. Go to Security > web-auth > certificate to upload this certificate. This is attached to the virtual IP. From 7.6 onwards it has to be fully chained.

 

Additionally you can force WLC to use device certificate as HTTPS management certificate using the command:

(WLC) >config certificate use-device-certificate ?

webadmin       Use device certificate for web administration

 

Regards

Dhiresh

**Please rate helpful posts**
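
An added example, not part of the original thread and not Cisco code: a check that a bundle such as All-certs.pem follows the device, intermediate, root order given in the question and is fully chained, as the reply says is required from 7.6 onwards, before it goes through the pkcs12 steps. The function names and the sample certificates are assumptions made for illustration; the samples are constructed DER skeletons, not valid certificates.

```python
import base64, re
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos: return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                           # long-form length
        n = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + first

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one certificate."""
    _, p, _ = _tlv(der, 0)                     # Certificate SEQUENCE
    _, p, _ = _tlv(der, p)                     # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, p)
    if tag == 0xA0:                            # optional [0] version
        _, _, end = _tlv(der, end)             # then serialNumber
    _, _, p = _tlv(der, end)                   # signature AlgorithmIdentifier
    _, _, i_end = _tlv(der, p)                 # issuer Name
    _, _, s_start = _tlv(der, i_end)           # validity
    _, _, s_end = _tlv(der, s_start)           # subject Name
    return der[p:i_end], der[s_start:s_end]

def chain_problems(pem_text):
    """List ordering problems in a device -> intermediate -> root bundle."""
    # Names are compared byte for byte, which is stricter than RFC 5280 matching.
    names = [issuer_subject(base64.b64decode(b)) for b in PEM_CERT.findall(pem_text)]
    problems = [] if names else ["no certificates found"]
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:
            problems.append(f"cert {i + 1} is not issued by cert {i + 2}")
    if names and names[-1][0] != names[-1][1]:
        problems.append("last cert is not a self-signed root")
    return problems

def _der(tag, body=b""):
    return bytes([tag, len(body)]) + body      # short-form length only (< 128 bytes)

def sample_cert(issuer, subject):
    """Constructed skeleton (not a valid certificate) holding only the parsed fields."""
    name = lambda cn: _der(0x30, _der(0x0C, cn.encode()))
    tbs = _der(0x30, _der(0xA0, _der(2, b"\x02")) + _der(2, b"\x01") + _der(0x30)
               + name(issuer) + _der(0x30) + name(subject))
    body = base64.encodebytes(_der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

# Constructed sample chain; all names are placeholders.
DEVICE = sample_cert("Example Issuing CA", "wlc.example.test")
INTERMEDIATE = sample_cert("Example Root CA", "Example Issuing CA")
ROOT = sample_cert("Example Root CA", "Example Root CA")
```

Calling `chain_problems(open("All-certs.pem").read())` on a real bundle returns an empty list when the order is correct and the chain ends in a self-signed root.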

 
