Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
1481
Views
5
Helpful
1
Comments

openssl v1.1.0c confirmed working CSR for WLC

Jeffrey Keown
Cisco Employee
Cisco Employee
‎01-06-2017 08:07 AM

The old version of open ssl 0.9.8h referenced on the cert generation doc doesn't work (if you enter a password in the CSR process).

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html#anc8

Will work on updating link.

Working exact steps with v1.1.0c:

Confirmed working CSR with openssl, Windows 7 64 bit machine.

Install:

https://slproweb.com/products/Win32OpenSSL.html

Win64 OpenSSL v1.1.0c

Windows Dos prompt:

cd C:\OpenSSL-Win64\bin

openssl

req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem -config C:\OpenSSL-Win64\bin\cnf\openssl.cnf

C:\>cd C:\OpenSSL-Win64\bin

C:\OpenSSL-Win64\bin>openssl
OpenSSL> req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem -config C:\OpenSSL-Win64\bin\cnf\openssl.cnf
Generating a 1024 bit RSA private key
........++++++
..................++++++
writing new private key to 'mykey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:NC
Locality Name (eg, city) []:RTP
Organization Name (eg, company) [Internet Widgits Pty Ltd]:TAC
Organizational Unit Name (eg, section) []:HTTS
Common Name (e.g. server FQDN or YOUR name) []:WLC-1
Email Address []:test@cisco.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password123
An optional company name []:cisco
OpenSSL> quit

C:\OpenSSL-Win64\bin>dir *.pem
 Volume in drive C has no label.
 Volume Serial Number is 1496-D193

 Directory of C:\OpenSSL-Win64\bin

01/06/2017  10:55 AM               932 mykey.pem
01/06/2017  10:59 AM               750 myreq.pem
               2 File(s)          1,682 bytes
               0 Dir(s)  304,623,710,208 bytes free

1 Comment
Nicolas Darchis
Cisco Employee
Cisco Employee
‎01-09-2017 01:59 AM
‎01-09-2017 01:59 AM

Thanks for testing Jeff !

I've updated the internal version of the doc. Before pushing the change to cisco.com, i haven't noticed any difference in the CLI you mention here and the one in the doc, so I suppose nothing changed in the commands between openssl 0.9.8 and 1.1 ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Popular Articles
Customers Also Viewed These Support Documents
French webcast-routing