i would like to generate or import a device certificate for the C9800 WLC, so that there is no self signed certificate used for Web GUI.
I would do that with the guide in "Generate and Download CSR Certificates on Catalyst 9800 WLCs" https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213917-generate-csr-for-third-party-certificate.html
Since the WLC is managed by DNA Center, I would suggest you changed the self-signed certificates through DNA Center and then force push telemetry to the device.
You can find the guide for this process here.
If you change the certificates straight on the WLC, it is very likely that communication between WLC and DNAC will be impacted.
Should you need more details, please reply to this thread.
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.You can also learn more about Cisco DNA Center through our live Ask the Experts (ATXs) session. Check out Cisco DNA Center ATXs Resources [https://community.cisco.com/t5/networking-knowledge-base/cisco-dna-center-ask-the-experts-resources/ta-p/4394489] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: