can this be done?  i have 2 controllers with expired certs and would like to save money buy purchasing only one certificate.  the information i'm finding is conflicting.  

our systems were originally built by contractors so i'm not sure how they did it.  both controllers are using a wildcard cert which i assumed was the same cert used on each.  there is also the discussion here that says you can do it https://community.cisco.com/t5/wireless/3rd-party-ssl-cert-and-two-wlc-s/m-p/2821084

however, according to the cisco documentation, when you do the CSR command from the CLI it generates a private key that stays on the local controller and as such the cisco documentation says the related signed cert cannot be used on any other controller

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html