3rd Party Certificate Renewal for WLC Guest Network

loizza · ‎07-23-2023

Hiii Guys,

Anyone of you have done renewing their 3rd party cert specifically with GoDaddy.

I'm just having confusion; I see some guide that you need to generate CSR via OpenSSL or WLC GUI and need to upload it on WLC.

If I renew cert directly from GoDaddy and upload new cert in CA and then on WLC. Will it work?

10.0.0.0.1 192.168.1.254

Flavio Miranda · ‎07-23-2023

Hi @loizza

WLC AirOS base and IOS-XE based are different in the way they handle cert. Which WLC do you have?

Never used Godaddy but if you are using thirdy part certificate you need someone to sign the certificate. You need to generate the CSR, someone needs to sign and you need to upload to the wlc.

Either using the OpenSSL program or downloading from the WLC, you end up with 2 files. Let´s call it mykey.pem and myreq.pem.

The mykey.pem is the file you should to GoDaddy in order to be signed. When you get the files back you need to join them in one file in order to upload to the WLC. Godaddy seems to send you 2 files a Root Certificate and a combined certificate.

You can join thoses files content in one file, let´s call it all-certs.pem

Now, using the OpenSSL program, you can combine all the information together.

pkcs12 -export -in All-certs.pem -inkey mykey.pem -out All-certs.p12 -clcerts -passin pass:check123 -passout pass:check123

pkcs12 -in All-certs.p12 -out final.pem -passin pass:check123 -passout pass:check123

The finla file from this process should be uploaded to the WLC

This is for your reference:

https://www.rogerperkin.co.uk/wireless/how-to-install-ssl-certificate-on-cisco-wlc-for-guest-access/