Finalizing my SSL cert for my guest WLAN

Sean Coogle
Level 1

I have a guest network on my 10 controllers. These are Cisco 5508s with 7.6.100 code. I had a trusted cert through Entrust to bypass the security warning when on the guest network. This has expired as of 3 days ago. I had this renewed and sent back to me by our security team. I got a link to Entrust to create the chain of certs and made one in Notepad, but I am missing something. I think it is the SSL piece that I am confused on. Does anyone have experience with what I have shown below? After this is complete, I can FTP this onto my controllers like I did a year ago.

 

 

Any help would be appreciated.

 

Sean

2 Replies

Stephen Rodriguez
Cisco Employee

You want to download and install OpenSSL .98a to do that portion. And yes, once that is complete you can then TFTP that to your WLC.

 

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/70584-csr-wlc-00.html

 

HTH,

Steve


Carlos Leiton
Level 1

Hi Sean,

This is the deal: with version 7.6 you need to make sure the certificate chain is complete. Otherwise you will have problems loading the certificate into the WLC.

Basically, you need to follow the steps mentioned in this guide:

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html

I think right now you should be doing the steps in the second section: Obtain the Final.pem File

It is very important to follow these steps one by one. I have done this process hundreds of times, and if you follow the steps it will work.
Make sure you paste the device certificate, then the intermediate or intermediates (if there is more than one), followed by the root certificate.
Also, you need to have the private key in a separate .pem file.

Once you have these files (an all-certs.pem and a key.pem), you then follow the process of combining them using the OpenSSL guidelines.
Note that only OpenSSL v0.98 will work; any flavour of 0.98 will do.
The one I prefer to use I download from this link:

https://slproweb.com/products/Win32OpenSSL.html

I have tested with Win32 OpenSSL v0.9.8ze Light and it works fine.

Note as well that the password you use when creating the final.pem is the same password that you use to upload the file to the WLC.

In my experience, most of the time this process could fail because the intermediate and root certificates do not match or do not complete the full chain. For the same CA there could be several different intermediates or root CAs, so be careful to use the appropriate ones for your device certificate.
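
The ordering and matching problems described in the reply above can be caught before the OpenSSL combine step. The script below is an added example, not part of the original thread or of the Cisco guide; the `check_chain` name is hypothetical, the file names all-certs.pem and key.pem are taken from the post, and it assumes an unencrypted key and an OpenSSL build that has the `pkey` command.

```shell
#!/bin/sh
# check_chain ALL_CERTS_PEM KEY_PEM   (hypothetical helper, not from the thread)
# Returns 0 when the bundle is ordered device -> intermediate(s) -> root and the
# key belongs to the device certificate. Compares issuer/subject names only; it
# does not verify signatures or validity dates. Assumes an unencrypted key.
check_chain() {
    bundle=$1; key=$2; rc=0
    tmp=$(mktemp -d) || return 2
    # Split the bundle into c1.pem, c2.pem, ... in the order they were pasted.
    count=$(awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                             n { print > (d "/c" n ".pem") }
                             END { print n + 0 }' "$bundle")
    if [ "$count" -lt 2 ]; then
        echo "FAIL: need a device cert plus at least a root, found $count"; rc=1
    fi
    i=1
    while [ "$i" -le "$count" ]; do
        issuer=$(openssl x509 -noout -issuer_hash -in "$tmp/c$i.pem" 2>/dev/null)
        if [ "$i" -lt "$count" ]; then
            # Every cert except the last must be issued by the one pasted after it.
            next=$(openssl x509 -noout -subject_hash -in "$tmp/c$((i + 1)).pem" 2>/dev/null)
            [ -n "$issuer" ] && [ "$issuer" = "$next" ] ||
                { echo "FAIL: cert $i is not issued by cert $((i + 1))"; rc=1; }
        else
            # The last cert must be a root: issuer name equals its own subject name.
            self=$(openssl x509 -noout -subject_hash -in "$tmp/c$i.pem" 2>/dev/null)
            [ -n "$issuer" ] && [ "$issuer" = "$self" ] ||
                { echo "FAIL: last cert (cert $i) is not a self-issued root"; rc=1; }
        fi
        i=$((i + 1))
    done
    # The private key must match the public key in the first (device) certificate.
    cert_pub=$(openssl x509 -noout -pubkey -in "$tmp/c1.pem" 2>/dev/null)
    key_pub=$(openssl pkey -pubout -in "$key" 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match the device certificate"; rc=1
    fi
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] && echo "OK: $count certs in order, key matches device cert"
    return "$rc"
}

# Run as: sh check_chain.sh all-certs.pem key.pem
if [ "$#" -eq 2 ]; then check_chain "$1" "$2"; fi
```

A pass here only shows that the names line up and the key matches; an expired or wrongly signed certificate still needs to be checked separately.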
