Cisco Support Community
Community Member

5508 Wireless


On the 5508 controller there seem to be a lot of certificates that can be installed.  Is there an up-to-date article that covers all of them?


commands->download file to controller   (vendor CA certificate)
                                        (vendor device certificate)   MUST BE IN PEM format

management->http-https:  (X) ssl     cert   

security->web auth->   (x) ssl cert      



When using OpenSSL 9.8h it seemed like the only way I could create the request file was to not have a password (I was receiving a memory alloc error when a password was specified)


req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem -config c:\openssl\share\openssl.cnf      

                          REM   creates the  mykey.pem and myreq.pem files

combine the certs together in a file called all-certs.pem

order is

openssl>pkcs12 -export -in All-certs.pem -inkey mykey.pem -out All-certs.p12 -clcerts -passin pass:check123 -passout pass:check123
openssl>pkcs12 -in All-certs.p12 -out final-cert.pem -passin pass:check123 -passout pass:check123

output--->      MAC verified OK

download (ssl)      final-cert.pem  to controller




Cisco Employee

Hi,

I am not sure of the article, but their use is straightforward.

commands->download file to controller   (vendor CA certificate)
                                        (vendor device certificate)   MUST BE IN PEM format

Here device certificate and server certificate can be uploaded. Use case is EAP-TLS support when WLC is acting like a RADIUS server. It needs to present its certificate and also validate client certificate when they present the same. So it needs two certificates.


management->http-https:  (X) ssl     cert   

Here it just needs to present the certificate so that your browser doesn't give the warning. Go to Management > upload certificate for this purpose.

security->web auth->   (x) ssl cert

This certificate would be presented during web-auth when the internal web server of the WLC is hit and you don't want a warning because of that in your browser. Go to Security > web-auth > certificate to upload this certificate. This is attached to the virtual IP. From 7.6 onwards it has to be fully chained.


Additionally you can force WLC to use device certificate as HTTPS management certificate using the command:

(WLC) >config certificate use-device-certificate ?

webadmin       Use device certificate for web administration




**Please rate helpful posts**
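
An added example, not part of either post and not Cisco tooling: a shell check for the "fully chained" requirement mentioned in the reply, run against a PEM bundle such as final-cert.pem before it is downloaded to the controller. The function names, the script name and the constructed demo certificates are assumptions; it needs the openssl command-line tool and does not depend on the order of the certificates in the file.

```shell
#!/bin/sh
# Added example (not Cisco tooling). Name-hash matching only: it finds a missing
# CA in the bundle but does not verify signatures or validity dates.

# chain_complete BUNDLE: 0 = every issuer is in the bundle (root is self-issued),
# 1 = at least one issuer is missing, 2 = no certificates found.
chain_complete() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    # Keep only CERTIFICATE blocks; key blocks and "Bag Attributes" lines that
    # "pkcs12 -in" writes into the output are skipped.
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
        on { print > (d "/c" n ".pem") }
        /-----END CERTIFICATE-----/ { on = 0 }' "$bundle"
    set -- "$tmp"/c*.pem
    [ -e "$1" ] || { rm -rf "$tmp"; return 2; }
    subjects=""
    for c in "$@"; do
        subjects="$subjects $(openssl x509 -in "$c" -noout -subject_hash)"
    done
    rc=0
    for c in "$@"; do
        ih=$(openssl x509 -in "$c" -noout -issuer_hash)
        case " $subjects " in
            *" $ih "*) ;;
            *) echo "issuer not in bundle for: $(openssl x509 -in "$c" -noout -subject)" >&2
               rc=1 ;;
        esac
    done
    rm -rf "$tmp"
    return $rc
}

# make_demo_certs DIR: constructed throwaway root CA (ca.pem) and device
# certificate (dev.pem) so the check can be tried without real certificates.
make_demo_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.pem" \
        -subj "/CN=Demo Root CA" -days 1 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/dev.key" -out "$d/dev.csr" \
        -subj "/CN=wlc.example.test" 2>/dev/null &&
    openssl x509 -req -in "$d/dev.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/dev.pem" -days 1 2>/dev/null
}

# Usage: sh check-chain.sh final-cert.pem
if [ $# -gt 0 ]; then chain_complete "$1"; fi
```

An exit status of 1 means the bundle contains a certificate whose issuer was left out when the files were combined.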

