topic Any server will do, install in Wireless

Web Auth Certificate

dgillam — Mon, 05 Jul 2021 14:31:27 GMT

Looking at going to a CA certificate to replace the self signed certificate for our guest wireless. Instructions say to install openssl and generate CSR. Are the instructions referring to installing openssl on the controller or will any server/PC that has the openssl application installed do? Just checking before i go through the process and it needs to be done on the controller.

Any server will do, install

biaacer2 — Thu, 10 Aug 2017 23:46:45 GMT

Any server will do, install openssl in your computer and follow the instructions, make sure you use openssl version 0.9.8x where 'x' could be any letter.

You can actually generate the CSR from the controller itself, without openssl, but I personally prefer the traditional method.

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html

Re: Web Auth Certificate

Brett Verney — Thu, 24 Aug 2017 11:24:43 GMT

Using a single OpenSSL command =

openssl req -newkey rsa:2048 -nodes -sha256 -keyout privkey.key -out cert.csr -subj "/C=US/ST=New York/L=Brooklyn/O=Acme/OU=IT/CN=server.domain.com/emailAddress=it@acme.com"

If you Subject Alternative Names:

openssl req -newkey rsa:2048 -nodes -sha256 -keyout privkey.key -out cert.csr -subj "/C=US/ST=New York/L=Brooklyn/O=Acme/OU=IT/CN=server.domain.com/emailAddress=it@domain.com/subjectAltName=DNS.1=server1.domain.com,DNS.2=server2.domain.com,DNS.3=server3.domain.com"

If using Subject Alternative Names, ensure that whatever is in the common name field is also present in the SAN fields. You can use a wildcard in CN or SAN field (i.e. *.domain.com)

-Brett