Hello,
As per your query i can suggest you the following solution-
You can use an LSC if you want your own public key infrastructure (PKI) to provide better security, to have control of your certificate authority (CA), and to define policies, restrictions, and usages on the generated certificates.
The LSC CA certificate is installed on access points and controllers. You need to provision the device certificate on the access point. The access point gets a signed X.509 certificate by sending a certRequest to the controller. The controller acts as a CA proxy and receives the certRequest signed by the CA for the access point.
For more information please refer to the link-
http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52lwap.html
Hope this will help you.