Solved: OpenSSL only way to obtain WLC CSR?

lcaruso · ‎12-30-2013

Hi,

I'm running Windows 8.1 and not having any luck with OpenSSL. Is there any other means to generate a CSR for a WLC 5508 web auth cert?

Thanks.

Scott Fella · ‎12-30-2013

I have always used OpenSSL light v9.8 and never had issues. You can always use another method to generate a CSR, but you have to convert the cert they provide you to a pem. There are online conversions but to me that is more of a hassle.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Reuben Farrelly · ‎01-20-2014

I think you're referring to OpenSSL version 0.9.8 (not v9.8).

The bug you're referring to is:

https://tools.cisco.com/bugsearch/bug/CSCti65315

Fixed in WLC 7.5 and 7.6 (and 8).

View solution in original post

Amjad Abdullah · ‎01-20-2014

Usually you can get Linux OS installed (virtually) and get openSSL to work on it.

If your issue is with the OS, you can virtually install any older windows version (windows XP, windows 7) that works fine with the 0.9.8 OpenSSL. Generate the CSR then remove the VM.

Rating useful replies is more useful than saying "Thank you"

View solution in original post

Scott Fella · ‎01-21-2014

I typically just have OpenSSL installed on a Windows VM in my Mac. To me, there is no need for me to install v1.0 since 0.9.8 works fine for all versions of WLC code. The biggest issue was people were downloading the latest version of OpenSSL which didn't work with the older versions of code until Cisco supported that on the later versions. We still use the 0.9.8 versions because we still see customers who standardize on the 7.0 or other code versions that only work with 0.9.8. There just isn't a need to upgrade for a tool to create a CSR. We also use the windows version because we automate this process which makes it easier for us.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎12-30-2013

I have always used OpenSSL light v9.8 and never had issues. You can always use another method to generate a CSR, but you have to convert the cert they provide you to a pem. There are online conversions but to me that is more of a hassle.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

lcaruso · ‎12-30-2013

Thanks Scott. I'll try that version.

Scott Fella · ‎12-30-2013

There use to be an issue with OpenSSL v1.0 but some say it works, but I haven't tried it since v9.8 works like a charm:)

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Reuben Farrelly · ‎01-20-2014

I think you're referring to OpenSSL version 0.9.8 (not v9.8).

The bug you're referring to is:

https://tools.cisco.com/bugsearch/bug/CSCti65315

Fixed in WLC 7.5 and 7.6 (and 8).

Scott Fella · ‎01-20-2014

Yeah that's what I meant. I still use that version as it still works the best. No need to have two versions because you might still need to creat a CSR for older version WLC's.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Amjad Abdullah · ‎01-20-2014

Usually you can get Linux OS installed (virtually) and get openSSL to work on it.

If your issue is with the OS, you can virtually install any older windows version (windows XP, windows 7) that works fine with the 0.9.8 OpenSSL. Generate the CSR then remove the VM.

Rating useful replies is more useful than saying "Thank you"

Scott Fella · ‎01-21-2014

I typically just have OpenSSL installed on a Windows VM in my Mac. To me, there is no need for me to install v1.0 since 0.9.8 works fine for all versions of WLC code. The biggest issue was people were downloading the latest version of OpenSSL which didn't work with the older versions of code until Cisco supported that on the later versions. We still use the 0.9.8 versions because we still see customers who standardize on the 7.0 or other code versions that only work with 0.9.8. There just isn't a need to upgrade for a tool to create a CSR. We also use the windows version because we automate this process which makes it easier for us.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

lcaruso · ‎01-21-2014

Last week I installed Ubuntu on a spare SSD I had sitting around and just boot that when I need OpenSSL.

Thanks.