06-18-2024 01:42 AM
Hello guys,
I am trying to deploy a WebAdmin-Certificate for our 5508 Cluster.
I've downloaded the request via TFTP from the WLC and handed it to our internal Windows CA.
certreq -submit -attrib "CertificateTemplate:MyTemplate" [Path to file]
The problem is that the template has a specified key length of 4096 which does not seem to be in the certificate request. We receive a key size error when trying to sign the CSR by our internal CA. Changing the key size in the template is not an option.
Is there a way to change the key length in CSR to 4096?
Thanks in advance!
06-18-2024 01:50 AM - edited 06-18-2024 02:09 AM
- Ref : https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html
>...WLCs support a maximum key size of 4096 bits as of 8.5 software version
Whether the above is applicable or not, certainly go for 8.5.182.12 (8.5.182.13 for 3504s)
as per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
the reason being that the 5508 is old and EOL and all issues should be verified against the last release made available for it.
M.
06-18-2024 02:30 AM
Hi,
thank you very much for the linked documentation. The document states that "CSR generation by the WLC itself uses a 2048 bits key size and ecdsa key size is 256 bits"
Is there any way to change the key size while using the GUI? I'd like to avoid using OpenSSL if possible. Thank you very much in advance!
06-18-2024 02:45 AM
>...I'd like to avoid using OpenSSL if possible.
- Not possible, by the way the openssl command is supposed to be executed on a Windows host where the certificate is prepared, not on the controller,
or in the document look for Option B. CSR Generated by the WLC, this does not include GUI support
M.
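As an added example (not from the thread or from Cisco's documentation): a shell check that reads the key size out of a CSR before it is handed to `certreq -submit`, together with creating a 4096-bit request with OpenSSL on the admin host as the answer above suggests. The file names, the subject `/CN=wlc.example.internal` and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: file names, subject and function names are placeholders.

# Print the public-key size (in bits) recorded in a PEM CSR.
# Matches both "RSA Public-Key: (N bit)" and "Public-Key: (N bit)".
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if the CSR's key size meets the template minimum.
csr_meets_template() {  # usage: csr_meets_template CSRFILE MIN_BITS
    bits=$(csr_key_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "$2" ]
}

# Create a new RSA key and CSR of the given size on the admin host.
# -nodes writes the private key unencrypted: restrict access to that file.
new_csr() {  # usage: new_csr BITS KEYFILE CSRFILE SUBJECT
    openssl req -new -newkey "rsa:$1" -nodes \
        -keyout "$2" -out "$3" -subj "$4" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    subj="/CN=wlc.example.internal"   # placeholder subject
    # Constructed stand-in for a controller-generated 2048-bit request.
    new_csr 2048 "$dir/wlc2048.key" "$dir/wlc2048.csr" "$subj"
    # Request generated off-box with the size the template demands.
    new_csr 4096 "$dir/wlc4096.key" "$dir/wlc4096.csr" "$subj"
    for f in "$dir/wlc2048.csr" "$dir/wlc4096.csr"; do
        if csr_meets_template "$f" 4096; then
            echo "$(basename "$f"): $(csr_key_bits "$f") bit, ok to submit"
        else
            echo "$(basename "$f"): $(csr_key_bits "$f") bit, below template minimum"
        fi
    done
    rm -rf "$dir"
}

demo
```

Because the key pair is created off the controller in this flow, the private key file has to be kept with the issued certificate for the later upload to the WLC.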