Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Replace LWAPP ssc (self-signed-certificate)

Hello,

is it possible to replace the standard lwapp ssc against one of our company CA-certificates to allow the wlc to check the correctness of the aps certificate ? (button under security/aaa/ap policies -> Authorize AP agains aaa on the wlc) Is there maybe any guide, which i can't find on cisco.com ? :) When iam connected to the lwapp via console i can see or modify the sscs.

Thanks for feedback/suggestions

2 REPLIES

Re: Replace LWAPP ssc (self-signed-certificate)

The WLC is hard coded with certificates from Cisco, as are Cisco Access Points. The two devices mutually authenticate each other using these (x.509) certificates, and there's nothing you can do about that I'm afraid - any Cisco WLC will always trust any Cisco AP.

BUT

If your approach is from the perspective of preventing unauthorised Cisco APs from connecting to your WLC, then you can use the AAA feature you mention.

Take a look here...

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_example09186a00808c7234.shtml

Regards,

Richard

New Member

Re: Replace LWAPP ssc (self-signed-certificate)

Thank you Richard for that link. Thats exactly what iam looking for !

319
Views
5
Helpful
2
Replies
CreatePlease to create content