Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
17803
Views
5
Helpful
0
Comments

Installation of SSL webadmin cert on Cisco WLC

Tejas Pillaiah
Cisco Employee
Cisco Employee
‎05-13-2020 04:54 AM

Introduction

This document describes how to install a Webadmin Cert on WLC

Requirements

Before you attempt this configuration, you should have the final Webadmin cert in .pem format which is signed from the certificate authority.

Components Used

The information in this document is based on this software and hardware version:

Cisco 5520 WLC that runs firmware Version 8.5.161.0

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Installation of the Webadmin cert by GUI

Complete these steps to download the Webadmin certificate to the WLC from the GUI:

  1. Copy the .pem file to the default directory on your TFTP server.
  2. Choose Management > HTTP-HTTPS > to open the Webadmin Certificate page.
  3. Check the Download SSL Certificate* checkbox to view the Download SSL Certificate From TFTP Server parameters.
  4. In the IP Address field, enter the IP address of the TFTP server.
  5. In the File Path field, enter the directory path of the certificate.
  6. In the File Name field, enter the name of the certificate.
  7. In the Certificate Password field, enter the password that was used to protect the certificate.
  8. Click Apply                                                                                                                                        
  9. Click OK to confirm your decision to download Certificates from the specified Server.                              
  10. once the download is complete, you need to reboot the controller for the changes to take effect. choose Commands > Reboot > Reboot.
  11. If prompted to save your changes, click Save and Reboot.
  12. Click OK to confirm your decision to reboot the controller.webadmin.png

 

Installation of Webadmin cert by CLI

Complete these steps to download the Webadmin certificate to the WLC with the CLI:

  1. Move the .pem file to the default directory on your TFTP server.
  2. In the CLI, issue these commands to change the download settings: 
    >transfer download mode tftp
    >transfer download datatype webadmincert
    >transfer download serverip <TFTP server IP address>
    >transfer download path <absolute TFTP server path to the update file>
    >transfer download filename <name of the certificate>
  3. Enter the password for the .pem file so that the operating system can decrypt the SSL key and certificate. 
    >transfer download certpassword <password>
  4. Issue the "transfer download start" command to view the updated settings. Then enter at the prompt to confirm the current download settings and start the certificate and key download. 
    >transfer download start
  5. Once the certificate is installed successfully, reboot the WLC for the changes to take effect. Issue the "reset system" command to reboot the controller. enter at the prompt to save the configuration before the reboot if there are any unsaved configuration. 
    >reset system
    The system has unsaved changes.
    Would you like to save them now? (y/N)
      
    Configuration Saved!
    System will now restart!

 

Verify the installed certificate after the WLC reboot is complete.

CLI commands to check the newly installed certificate.

  (Cisco Controller) >show certificate summary
Web Administration Certificate................... 3rd Party
Web Authentication Certificate................... Locally Generated
Certificate compatibility mode:.................. off
Lifetime Check Ignore for MIC ................... Enable
Lifetime Check Ignore for SSC ................... Disable

you can use the following command to check the detail of the webadmin certificate

    >show certificate webadmin

 

Steps to verify the certificate from the GUI.

Choose Management > HTTP-HTTPS > Current Certificate to view the current Certificate.

 

Related Information

Generate CSR for Third-Party Certificates and Download Unchained Certificates to the WLC 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Popular Articles
Customers Also Viewed These Support Documents
French webcast-routing