Now, we put the final.pem (Digital Certificate) in the Root Diretory of the TFTP Server, and load the same into the WLC.
(it is convenient to put the digi-cert in the root dir of the tftp, so that the Certificate File Path in the GUI of the WLC can be set as '.')
Loading of cert can be either with GUI or CLI of the WLC.
Check the box -> "Download SSL Certificate", and fill the details.
CLI commands to load the certificate into the controller
transfer download serverip <IP of server>
transfer download datatype webauthcert
transfer download filename <cert filename>
transfer download mode tftp
debug transfer tftp enable
transfer download start
If loading of the Digital Certificate is successful, you need to reboot the WLC.
If the Digi-Cert cannot be loaded into the WLC :
debug transfer all enable.
verify that password is used.
After the submission of the CSR to the CA, we at times, get the files from the CA which represents the public key , however we do not know which one is the Root or Intermediate or the Device certificate. Say, we have these files in .crt format. Now, when we open these files we should follow the following:
In the Root certificate, 'Issue To' and 'Issued By' should be same, which will represent the ROOT CA.
In the Intermediate certificate, 'Issued By' should be the Root CA, and 'Issue To' should be the Intermediate CA.
In the Device certifiate, 'Issued To' should be the Device and 'Issued By' should be the Intermediate CA.