I was able to generate one following the CLI method, but when we login to WLC which cert is presented is that CSR Auth or CSR Admin.

For admin pupropse, you have to generate webadmin CSR.

WebAuth is for Guest wireless

Regards

Rasika

I have to do this on a WLC cluster 5508, do I need to generate CSR from both boxes and upload PEM individually?

yes you are corret

I am unable to generate CSR on standby unit.

(Cisco Controller-Standby) >config certificate generate csr-webadmin xx xx xxx itservices@abc.com

Incorrect usage.  Use the '?' or <TAB> key to list commands.

I don't see more options to generate on standby unit. I am unable to login to peer ip using TACACS login. is this because of no peer route?

Anyone can help? I need to find a way to load the cert on both WLC's.

Is the process that I can use same pem generated with CSR from primary unit on standby as well?

Load the same pem and restart?

hi Rasika, i got the wildcard certificate from customer. But i had a CSR generated by the same time on the primary unit. Now after loading the 3rd party signed cert and reloading , i have lost access on Web to WLC. is this due to the CSR generation and reload without loading the cert/pem generated with that?

How can i recover the WLC now on GUI? Can i go ahead and generate certificate and load the 3rd party cert on to the WLC?

Hi Royce,

Using this command generate a Self signed certificate and reload the WLCs once and see if you are able to get the GUI of it.

This command helps to generate the WLC self-signed certificate.

config certificate generate webadmin

I have faced similar issue and tried, it worked on Chrome but not in Mozila.

Then follow the same procedure suggested by Rasika.