
URGENT - Does the WLC support a chained Wildcard certificate

carl_townshend
Spotlight

Hi all

I have a Cisco WLC on version 7.2.

I have been trying to import a chained wildcard cert on it for web auth, however it keeps failing.

My question is, does the WLC support a chained wildcard cert?

If so, what is the correct procedure to install it?

cheers

Carl

4 Replies

johncaston_2
Level 1

I'm assuming that you want to use wildcard Certs so that you can use the same cert on multiple WLC. You can configure each WLC with the same virtual IP and therefore use the same certificate in that way.
The virtual IP is local to each WLC so it can be the same on multiple WLC. Generate the cert with the common URL and IP

Haven't tried a wildcard cert

Good luck

John

Sent from Cisco Technical Support iPad App

Scott Fella
Hall of Fame

Yes, a wildcard cert will work. I have used them on some installs.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

I think I'm going to get a new cert from the provider. What is best practice, chained or unchained cert?

cheers

Ravi Singh
Level 7

Yes, it's supported. Below is the procedure to install it.

Cisco WLC (Wireless LAN Controllers) require the entire SSL cert chain to be installed on the appliance. I like to do this via IIS since it is very quick and efficient and all my intermediate and root certs are already on there typically (double check your servers please).

1. Create a temporary site in IIS and generate a CSR. Make sure the domain matches whatever appliance you are trying to generate it for, for example: wireless.yourcompany.com.

If you are exporting a wildcard cert that might already be on your IIS server, just export it as a PFX and skip to step 5.

2. Send the CSR to your registrar and wait for them to validate.

3. Get the .crt and convert it to .cer (just open the .crt and save it as .cer). Do the same for the intermediate and root certs you received.

4. Install the .cert in IIS as well as all intermediate and root certs they send you.

5. “View” the cert in IIS (Site properties > Directory Security > View Certificate > Details Tab > Copy to File) and export it with the private key in pkcs12 (.pfx) format. Also make sure to check “Include all certificates in the certification path if possible”. Just set the password as “password” so it’s easy to remember.

6. Now you have a .pfx with your whole SSL cert chain but you need to convert it to .pem for the WLC.

7. Use this command with OpenSSL:

openssl pkcs12 -in yourcert.pfx -out yourcert.pem

8. Type the “password” when prompted

9. TFTP the new .pem containing the whole SSL cert chain and private key over to the WLC and reboot. You will have to specify the “password” when you type in your TFTP info and Save and Reboot the WLC after the download is successful. Test it out and it should work.
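
A pre-flight check that could be run on the converted file before the TFTP step, as an added example that is not part of the replies above or of any Cisco tooling: it reads the annotated text that `openssl pkcs12` writes (the `subject=`/`issuer=` lines before each certificate) and reports whether the bundle holds a private key and a linked chain. The sample bundle, its names and its base64 bodies are constructed placeholders, and `inspect_bundle` is a hypothetical helper name.

```python
import re

# Constructed sample in the shape `openssl pkcs12 -in ... -out ...` writes;
# names and base64 bodies are placeholders, not real certificates or keys.
SAMPLE_PEM = """\
Bag Attributes
    localKeyID: 01 00 00 00
subject=CN = *.example.com
issuer=CN = Constructed Intermediate CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=CN = Constructed Intermediate CA
issuer=CN = Constructed Root CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
Bag Attributes: <No Attributes>
subject=CN = Constructed Root CA
issuer=CN = Constructed Root CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
Bag Attributes
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END ENCRYPTED PRIVATE KEY-----
"""

BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----.*?-----END \1-----", re.S)

def inspect_bundle(text):
    """Summarise a PEM bundle: certificate count, key state, chain linkage."""
    certs, keys, pos = [], [], 0
    for m in BLOCK.finditer(text):
        notes, pos = text[pos:m.start()], m.end()  # annotations before the block
        if m.group(1) == "CERTIFICATE":
            names = dict(re.findall(r"^(subject|issuer)=(.*?)\s*$", notes, re.M))
            certs.append((names.get("subject"), names.get("issuer")))
        elif m.group(1).endswith("PRIVATE KEY"):
            keys.append(m.group(1))
    # The chain is linked when each certificate's issuer is the next one's subject.
    linked = all(a[1] and a[1] == b[0] for a, b in zip(certs, certs[1:]))
    return {"certs": len(certs), "keys": len(keys),
            "key_encrypted": bool(keys) and all("ENCRYPTED" in k for k in keys),
            "chain_linked": len(certs) > 1 and linked}
```

A result with `certs` of 1 or `chain_linked` false means the export did not carry the certification path, which is the case step 5's checkbox is meant to prevent.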