Generating CSR for WLC 5508 - Page 2

nomadicwifi · ‎04-30-2010

Does Cisco WLC 5508 runnig code 6.0.196.0 allows you to generate CSR? Or do you have to use OPENSSL like in previous versions?

nomadicwifi · ‎07-29-2010

Hey guys,

After troubleshooting this with a TAC, we found out that Chained Certificates is not supported on the WLC till today. Not even on the latest version 7.0. I think I managed to upload the chained certificate successfully once but it still wouldn't work. It is a bug and still hasn't been resolved for Chained Certificates.

ronaking · ‎10-06-2010

up to Level 2 Chained certificates are supported on WLCs running 5..1.151.0 or later code

Certificate Levels

Level 0—Use of only a server certificate on WLC.
Level 1—Use of server certificate on WLC and a CA root certificate.
Level 2—Use of server certificate on WLC, one single CA intermediate certificate, and a CA root certificate.
Level 3—Use of server certificate on WLC, two CA intermediate certificates, and a CA root certificate. Level 3 or higher is not supported on WLCs.

Changes have been made in openssl version 1.0.x which is not backwards compatible with previous versions of openssl.

So if you are using openssl version 1.0.x to create the final-cert.pem, this will not be supported with the WLC.

If you use openssl version 0.9.8, then you will be able to build the final-cert.pem and be able to load it on the WLC.

The following product enhancement request (PER) has been created for the WLC.

http://cdetsweb-prd.cisco.com/apps/goto?identifier=CSCti65315CSCti65315 - Need Support for certificates generated using OpenSSL v 1.0