A step-by-step guide to install an SSL certificate on WLC
Wireless LAN Controllers have become a crucial part of today’s wireless network environments. Generally, WLCs are deployed in networks having high light-weight access points present in large quantities. When it comes to WLCs, it’s hard to look past Cisco—the leading name in this domain.
Some of you might be aware of the fact that Cisco WLCs come with HTTPS servers enabled by default. This is great as it facilitates encryption between access points. However, it comes with a pitfall—a major one. The SSL certificate underlying Cisco WLC is a self-signed certificate. As a result, all the users who are connected to the wireless network get a pesky warning. To make this warning disappear, you need to install a 3rd party SSL certificate on your WLC.
So, let’s see how you can install a 3rd party SSL certificate on Cisco Wireless LAN Controller (WLC).
Step 1: CSR Generation
The first part of any SSL installation process begins with CSR generation, and Cisco WLC is no different. Follow the steps below to generate a CSR for Cisco WLC. Skip this part and jump to the installation if you’ve already generated the CSR.
Note: This CSR generation process has been done using OpenSSL. You can generate the CSR using WLC too, but it doesn’t allow you to add subject alternative names (SANs). That is why we haven’t included this option.
- First, download and install the OpenSSL application from https://www.openssl.org/
- Now, you’ll have to enter the command below:
OpenSSL req –new -newkey rsa:2048 -nodes -keyout mykey.key –out myreq.csr
- Now enter the requested information as described below.
- Country Name: 2-digit country code
- State/Province: Write the full name of the state. For example, Florida.
- City: Write the full name of the city. For example, New York
- Organization Name: Write the full name of your organization without any special characters. If you want to issue an OV or an EV SSL certificate, you must write the legal name of your organization.
- Organization Unit: Name of the department (e.g., Marketing Department)
- Common Name: Mention the domain name that you specified on virtual interface of WLC (e.g., yourdomainname.com.)
- Email: The email ID through which certification will take place
- Enter a password of your choice
- Now you have two files – CSR and Private Key. It will be stored in the OpenSSL bin folder. Their names would look like ‘pem’ and ‘myreq.pem.’ The myreq.pem file is the CSR, and it will be used to issue your certificate.
Step 2: Certificate Download
Download the certificate files from your account. Skip this if you already have the files at your disposal.
Step 3: Certificate Chaining
- Now, you’ll have three certificate files – device certificate, intermediate certificate, and root certificate. Copy and paste the contents of each certificate in a text editor such as Notepad. Every certificate you copy, and paste must be starting from —–BEGIN CERTIFICATE—– and ending at —–END CERTIFICATE—–.
The all certificate file should be in the following order:
1) Device certificate
2) Intermediate certificate
3) Root certificate
- Save the file as ‘Allcerts’ with the .pem extension.
- Move the pem file and Allcerts.pem file in the bin folder of OpenSSL in Program Files.
- Once again, open OpenSSL. Execute the following commands:
openssl pkcs12 –export -in Allcerts.pem -inkey mykey.pem –out All–certs.p12 -clcerts -passin pass:check123 -passout pass:check123
openssl pkcs12 –in Allcerts.p12 –out final-cert.pem -passin pass:check123 –passout pass:check123
Step 4: Upload certificate to WLC
- Log into WLC through your browser.
- Go to the following path:
Web GUI > Security > Web Auth > Certificate: Check the box: Download SSL Certificate
- Enter the certificate path in the File Path Field
- Enter the name of the certificate in the File Name Field
- In the Certificate Password field, enter the password that you entered in the 1st
- Click Apply
- Once the downloading gets over, go to Commands > Reboot
- Save & Reboot
- Click on Ok
Say bye-bye to those pesky warnings because you have just installed an SSL certificate on Cisco WLC.
- Install an SSL Certificate on Red Hat Linux Apache Server
- Install an SSL Certificate on Ubuntu Server using Apache
- Install SSL Certificate on Node.js
- Install SSL Certificate on Amazon Web Services
- Oracle GlassFish SSL Installation
Before Installing the SSL
CISCO Wireless Lan Controller only accepts SSL Certificate from a genuine and trusted SSL Certificate Authority. Buy trusted SSL Certificate from at a cheap price with heavy discount rates.