Generate a self signed certificate for wlc 5508

salilai01
Level 1

Hi,

Have you any experience with deploying a self-signed certificate for the WLC?


Scott Fella
Hall of Fame

What do you really mean? The WLC has a self signed certificate already and you always can regenerate that certificate. It will not generate a self signed for other devices.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

I mean that I want to trust my laptop

You would need a CA to do that.  The WLC will only generate a certificate for itself, not for end devices.

What exactly are you looking to do?

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Hi Steve,

I'm looking for a way to solve the problem of repetitive re-authentication by using a certificate (delivered by my company) together with either EAP-TLS or EAP-PEAP, or both.

PS: I want that, with a corporate asset, the employee doesn't have to authenticate himself each time he wants access to wireless.

Regards,

That is easily doable via either EAP-TLS or PEAP. With TLS you need to have a PKI infrastructure in place already, and you would issue certificates to the machines and possibly to the users. Though you can just do machine authentication to get the laptop connected, then the user credentials will pass to your AD server to allow the user to log on.

Or you can do PEAP. By default WZC will use the logon credentials to the laptop. So, if the machine is a corporate device, when they log on to it, WZC will send those credentials to your AAA server; if they are valid, the user gets on. And as the credentials are cached on the laptop, the user shouldn't need to provide them, though hiccups do happen.

So from the WLC perspective you set the WLAN to be WPA2/AES/802.1x. Define the AAA server, and test.

http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bfb19a.shtml

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
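
The WLC side of the setup described in the reply above, sketched as AireOS CLI (an added example, not part of the original posts or the linked Cisco document). The server index 1, WLAN ID 2, RADIUS address 192.0.2.10 and the bracketed placeholders are assumptions; substitute your own values.

```text
(Cisco Controller) >config radius auth add 1 192.0.2.10 1812 ascii <shared-secret>
(Cisco Controller) >config wlan create 2 <profile-name> <ssid>
(Cisco Controller) >config wlan security wpa enable 2
(Cisco Controller) >config wlan security wpa wpa2 enable 2
(Cisco Controller) >config wlan security wpa wpa2 ciphers aes enable 2
(Cisco Controller) >config wlan security wpa akm 802.1x enable 2
(Cisco Controller) >config wlan radius_server auth add 2 1
(Cisco Controller) >config wlan enable 2
(Cisco Controller) >show wlan 2
```

A newly created WLAN starts disabled, which is why the security settings are applied before `config wlan enable`; check the `show wlan 2` output for WPA2, AES and 802.1x before testing with a client.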

Abhishek Abhishek
Cisco Employee

Hello Sali,

As per your query, I can suggest the following solution:

Complete these steps from the CLI:

1. Enable Accept Self Signed Certificate on the WLC.

The command is config auth-list ap-policy ssc enable.

(Cisco Controller) >config auth-list ap-policy ssc enable

2. Add the AP MAC address and hash key to the authorization list.

The command is config auth-list add ssc AP_MAC AP_key.

(Cisco Controller) >config auth-list add ssc 00:0e:84:32:04:f0 9e4ddd8dfcdd8458ba7b273fc37284b31a384eb9

For more information, please refer to the link:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00806a426c.shtml

Hope this will help you.

mmangat
Level 1