Entrust Certificate Services Support Knowledge Base

Audience: General
Last Modified: 2012-05-28 14:31:44.0

TN 8029 - How do I install an SSL Certificate on a Cisco Wireless Lan Controller (WLC)?

Question: How do I install an SSL Certificate on a Cisco Wireless Lan Controller (WLC)?

Answer:

You need to create a .pem file that contains the full chain of certificates. The full chain includes:

1 – Your SSL certificate (webserver)

2 – The Entrust cross certificate (L1C)

3 – The Entrust Root certificate (Entrust 2048 root)

The Cross and Root Certificates can be obtained here:

http://www.entrust.net/developer/index.cfm

To create the .pem file with the full chain:

1 – Using a text editor (Notepad is always recommended), create a file with all 3 certificates in the following order:

-----BEGIN CERTIFICATE-----
(Your Web server Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Intermediate L1C certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Entrust 2048 CA root certificate)
-----END CERTIFICATE-----

Save this file as allcerts.pem.

2 – Using OpenSSL, combine your RSA private key with the chained SSL certificates to produce a .p12 (PKCS#12) file:

openssl> pkcs12 -export -in allcerts.pem -inkey mykey.pem -out All-certs.p12 -clcerts -passin pass:entrust123 -passout pass:entrust123

3 – Convert the .p12 file into the final .pem file that you will load to the WLC:

openssl> pkcs12 -in All-certs.p12 -out finalcert.pem -passin pass:entrust123 -passout pass:entrust123

Your resulting file is called finalcert.pem. You are now ready to install your certificate on the WLC.

To install your SSL certificate with the full chain to the WLC (using the GUI):

1 – Make a copy of the finalcert.pem file and copy it to your TFTP server.

2 – Select Security > Web Auth > Cert to open up the Web Authentication page.

3 – Enable the Download SSL Certificate box to set up the TFTP parameters.

4 – Enter the IP address of the TFTP server in the IP Address field.

5 – Enter the path to the file in the Directory Path field and enter the file name in the file name field.

6 – Enter the password used for the file (in the example commands, entrust123 was used).

7 – Click Apply.

8 – After the file downloads from the TFTP server, reboot the WLC by going to Commands > Reboot > Reboot. Save any changes if prompted.

You have now installed an SSL certificate.