Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

certificate in WLC

Hi All,

There're some different kind of certificates in the WLC, I'm a bit confused. Is there any document give them a summarization? For example, can some of the certs share the same cert?

1. HTTPS has a SSL cert(CN=

2. Web-Auth has a SSL cert(CN=

3.  LSC (X.509 cert)

4. IPSec CA cert

5. IPSec ID Cert

I guess 1 and 2 can share the same SSL cert, however I don't know what the CN should be looked like when generate CSR to CA(Web-Auth should use virtual gw IP, HTTPS should use management IP).

Thanks for any input!

Community Member

Re: certificate in WLC


We retain the Cisco certificate for use on the HTTPS admin interface.

We install a 3rd party cert for use on our web authentication:

We haev the 3rd party cert tied to a hostname, which resolves to currently, as as and when someone eventually uses as a publically routable address, we can just to a quick DNS change and we will be unaffected.


Re: certificate in WLC

Thanks for the info, my friend!

From our field engineer's feedback, the HTTPS cert for admin and the Web-Auth cert can share the same SSL cert, the condition is that to create a record in the local DNS server, in this record, one DNS name maps to two IP addresses(Virtual Gateway IP and WLC Management IP), then use this DNS name as CN to generate the SSL cert. Currently there's no bug or potential risk found. Everything works fine.

For all the other 3 kind of certs, it seems can't share. LSC is for regenerating AP/WLC X.509 cert(mutual auth during join process), never tested it, don't know how it behaves.  IPSec cert seems can be used in:

1.  Radius connection(not tested, don't know which Radius server can support IPSec)

2. Secure Mobility(UDP 16667)

3. VPN termination in WLAN profile(it seems only very old versions support it, 4.0, etc)

Anyway, it seems a lot of certs needed, customers are not happy for it since they have to pay more money

CreatePlease to create content