Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
810
Views
0
Helpful
3
Replies

Location of webauth certificate?

Go to solution
Colin Higgins
Level 2
Level 2

‎04-01-2019 07:11 AM - edited ‎07-05-2021 10:10 AM

I used the WLC 5508 GUI to generate a CSR for webauth. Went through all the fields and clicked "generate"

 

However, I don't know where the system put the newly created file or what it called the file? 

 

Does anyone know where the WLC puts these files, and what it names them?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to Colin Higgins

‎04-02-2019 11:25 PM

If it contains the full chain, open it in a text editor. You should then see two or more CERTIFICATE START sections. One of those (probably the last) is the device certificate request. Simply copy that to a new text file and let your CA sign it.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
d.friday
Level 4
Level 4

‎04-01-2019 07:56 AM

Note: The CSR is printed on the terminal after you enter the command. There are no other ways to retrieve it; it is not possible to upload it from the WLC nor is it possible to save it. You must copy/paste it to a file on your computer after you enter the command. The generated key stays on the WLC until the next CSR is generated (the key is thus overwritten). If you ever have to change the WLC hardware later on (RMA), you will not be able to reinstall the same certificate as a new key and CSR will have to be generated on the new WLC.

 

Take a look at this link it should help you 

 

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html

 

I Hope this helps

David

0 Helpful

Go to solution
Colin Higgins
Level 2
Level 2
In response to d.friday

‎04-02-2019 10:28 AM

looks like when you do the webauth certificate, it generates a file called final.pem that can be uploaded from the controller

 

I did that, but now my certificate authority is telling me it is invalid, because it contains the full chain. I have no idea how to proceed from here, and had to contact the TAC

 

anything to do with certificates and the WLC has always been a nightmare. I don't know why Cisco can't streamline or fix this 

0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to Colin Higgins

‎04-02-2019 11:25 PM

If it contains the full chain, open it in a text editor. You should then see two or more CERTIFICATE START sections. One of those (probably the last) is the device certificate request. Simply copy that to a new text file and let your CA sign it.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card