Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

applying ssl certificates to the 4404 controller

How is this done? We bought a certificate file and have 2 4404 controllers.

Where do I go to apply this and how do I apply this?

Also will my single cert work for 2 controllers?

12 REPLIES
Hall of Fame Super Silver

Re: applying ssl certificates to the 4404 controller

Is this cert for guest or for management. If it is for guest, then you can use it on multiple wlc, if it is for management, then no. The reason is that when you generated the CSR, you specified a CN which you will resolve via DNS. For management, you have different ip address for management, so you will need one per wlc. For guest webauth, you use the VIP to resovle the CN so you can use that on multiple wlc's.

To install the cert for management, you would click on the management tab on the wlc and then on HTTP and check Download SSL Certificate, enter the info and hit apply.

To install the cert for webauth, you would click on Security tab, then Web Auth then certificate.Fill in the info and hit enter.

Hope this helps.

-Scott
*** Please rate helpful posts ***
New Member

Re: applying ssl certificates to the 4404 controller

When you say Guest and Management do you mean an interface or do you mean a type of cert?

Same for Guest..I know you can make local accounts on the controllers that are called guest accounts.

Here is what we are trying to do. When students connect to the student SSID and open up a web page they are directed to web page to login (webauth) with LDAP User name and pass. Before they get to the webaut page their computer tells them that we don't have a cert and asks if they should trust the web page etc. We don't want this

Hall of Fame Super Silver

Re: applying ssl certificates to the 4404 controller

Then you need to generate and load an ssl cert for webauth. I use RapidSSL since they give you a root ca certificate and not a chained cert.... soo much eaiser. Also chained is only supported on the 5.1.151.0 and later code. You need to generate a CSR by following this link. Again, get a RappidSSL cert and also you will need to download Open SSL to generate the CSR. Then upload that to your WLC. The CN name you will have to resolve in DNS to get rid of that error.

On the WLC, you need to enter that DNS CN in the VIP interface. There is a spot for you to put that in. You will need to reboot your wlc after you add the CN to the VIP interface in order for it to take place.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

Win32 OpenSSL:

http://www.slproweb.com/download/Win32OpenSSL_Light-0_9_8k.exe

-Scott
*** Please rate helpful posts ***
New Member

Re: applying ssl certificates to the 4404 controller

We already have one from VeriSign. We already downloaded the cert file.

So would this go under the security heading or the managment heading?

Hall of Fame Super Silver

Re: applying ssl certificates to the 4404 controller

VeriSign is a chained cert, so you need 5.1.151 code on the WLC. You would go under the Security tab and then there is a WebAuth tab on the left side. Check the box and fill out the info and hit apply. You will need to reboot the wlc and don't forget to add the CN to the VIP interface.

-Scott
*** Please rate helpful posts ***
New Member

Re: applying ssl certificates to the 4404 controller

Thanks for all the help. I have another question though.

Can we use a private IP like 172.16.1.2 for the Cert or does it have to be external ip ?

Hall of Fame Super Silver

Re: applying ssl certificates to the 4404 controller

You can use a private ip, but the VIP should not be on any subnet you are using on your network. What ever the clients are using as a dns obtained from dhcp, you will need that dns server to resolve that ip address.

-Scott
*** Please rate helpful posts ***

Re: applying ssl certificates to the 4404 controller

Thanks Fella ... i didnt know that about the man. cert !

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Hall of Fame Super Silver

Re: applying ssl certificates to the 4404 controller

No problem.... so did you get it working?

-Scott
*** Please rate helpful posts ***
New Member

Re: applying ssl certificates to the 4404 controller

Well, I downloaded open SSL and im ready to send in my CSR. I'm getting ready to do that. I want to make sure I have the right answers in front of me so I don't void the cert.

Hall of Fame Super Silver

Re: applying ssl certificates to the 4404 controller

The CN is the most important part of that... don't fat finger it!

-Scott
*** Please rate helpful posts ***
New Member
844
Views
5
Helpful
12
Replies
CreatePlease to create content