cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
166
Views
2
Helpful
3
Replies

SSL Key Length for WLC 5508

enzo99
Level 1
Level 1

Hello guys,

I am trying to deploy a WebAdmin-Certificate for our 5508 Cluster.
I've downloaded the request via TFTP from the WLC and handed it to our internal Windows CA.

certreq -submit -attrib "CertificateTemplate:MyTemplate" [Path to file]

The problem is that the template has a specified key length of 4096 which does not seem to be in the certificate request. We receive an key size error when trying to sign the CSR by our internal CA. Changing the key size in the template is not an option.

Is there a way to change the key length in CSR to 4096 ? 

Thanks in advance!

1 Accepted Solution

Accepted Solutions

 

                  >...I'd like to avoid using OpenSSL if possible.
    - Not possible , by the way the openssl command is supposed to be executed on a windows host where the certificate is prepared , not on the controller ,
or in the document look for Option B. CSR Generated by the WLC this does not in include GUI support

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

3 Replies 3

marce1000
VIP
VIP

 

         - Ref : https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html
               >...WLCs support a maximum key size of 4096 bits as of 8.5 software version

     Whether the above is applicable or not   certainly go for  8.5.182.12 (8.5.182.13 for 3504s)
     as per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
    the reason being that the 5508 is old and EOL and all issues should be verified against the last release made available for it , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hi, 

thank you very much for the linked documentation. The document states that "CSR generation by the WLC itself uses a 2048 bits key size and ecdsa key size is 256 bits"

Is there any way to change the keysize while using the GUI? I'd like to avoid using OpenSSL if possible. Thank you very much in advance!

 

                  >...I'd like to avoid using OpenSSL if possible.
    - Not possible , by the way the openssl command is supposed to be executed on a windows host where the certificate is prepared , not on the controller ,
or in the document look for Option B. CSR Generated by the WLC this does not in include GUI support

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
Review Cisco Networking for a $25 gift card