A step-by-step guide to install an SSL certificate on WLC

Wireless LAN Controllers have become a crucial part of today’s wireless network environments. Generally, WLCs are deployed in networks having high light-weight access points present in large quantities. When it comes to WLCs, it’s hard to look past Cisco—the leading name in this domain.

install ssl on cisco wireless lan controller (wlc)

Some of you might be aware of the fact that Cisco WLCs come with HTTPS servers enabled by default. This is great as it facilitates encryption between access points. However, it comes with a pitfall—a major one. The SSL certificate underlying Cisco WLC is a self-signed certificate. As a result, all the users who are connected to the wireless network get a pesky warning.       To make this warning disappear, you need to install a 3rd party SSL certificate on your WLC.

So, let’s see how you can install a 3rd party SSL certificate on Cisco Wireless LAN Controller (WLC).

Step 1: CSR Generation

The first part of any SSL installation process begins with CSR generation, and Cisco WLC is no different. Follow the steps below to generate a CSR for Cisco WLC. Skip this part and jump to the installation if you’ve already generated the CSR.

Note: This CSR generation process has been done using OpenSSL. You can generate the CSR using WLC too, but it doesn’t allow you to add subject alternative names (SANs). That is why we haven’t included this option.

  1. First, download and install the OpenSSL application from https://www.openssl.org/
  2. Now, you’ll have to enter the command below:
OpenSSL req –new -newkey rsa:2048 -nodes -keyout mykey.key –out myreq.csr
  1. Now enter the requested information as described below.
  • Country Name: 2-digit country code
  • State/Province: Write the full name of the state. For example, Florida.
  • City: Write the full name of the city. For example, New York
  • Organization Name: Write the full name of your organization without any special characters. If you want to issue an OV or an EV SSL certificate, you must write the legal name of your organization.
  • Organization Unit: Name of the department (e.g., Marketing Department)
  • Common Name: Mention the domain name that you specified on virtual interface of WLC (e.g., yourdomainname.com.)
  • Email: The email ID through which certification will take place
  1. Enter a password of your choice
  2. Now you have two files – CSR and Private Key. It will be stored in the OpenSSL bin folder. Their names would look like ‘pem’ and ‘myreq.pem.’ The myreq.pem file is the CSR, and it will be used to issue your certificate.

Step 2: Certificate Download

Download the certificate files from your account. Skip this if you already have the files at your disposal.

Step 3: Certificate Chaining

  • Now, you’ll have three certificate files – device certificate, intermediate certificate, and root certificate. Copy and paste the contents of each certificate in a text editor such as Notepad. Every certificate you copy, and paste must be starting from —–BEGIN CERTIFICATE—– and ending at —–END CERTIFICATE—–.

The all certificate file should be in the following order:

1) Device certificate

2) Intermediate certificate

3) Root certificate

  • Save the file as ‘Allcerts’ with the .pem extension.
  • Move the pem file and Allcerts.pem file in the bin folder of OpenSSL in Program Files.
  • Once again, open OpenSSL. Execute the following commands:
openssl pkcs12 –export -in Allcerts.pem -inkey mykey.pem –out All–certs.p12 -clcerts -passin pass:check123 -passout pass:check123


openssl pkcs12 –in Allcerts.p12 –out final-cert.pem -passin pass:check123 –passout pass:check123

Step 4: Upload certificate to WLC

  • Log into WLC through your browser.
  • Go to the following path:

Web GUI > Security > Web Auth > Certificate: Check the box: Download SSL Certificate

  • Enter the certificate path in the File Path Field
  • Enter the name of the certificate in the File Name Field
  • In the Certificate Password field, enter the password that you entered in the 1st
  • Click Apply
  • Once the downloading gets over, go to Commands > Reboot
  • Save & Reboot
  • Click on Ok

Say bye-bye to those pesky warnings because you have just installed an SSL certificate on Cisco WLC.

Important Resources

Related Posts

Before Installing an SSL Certificate, You Need to Purchase it

CISCO Wireless Lan Controller only accepts SSL Certificate from a genuine and trusted SSL Certificate Authority. Buy trusted SSL Certificate from at a cheap price with heavy discount rates.
Buy SSL Certificate at $5.45


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.