Use this method to stop the annoying security alert when logging in over HTTPS to manage the WLCs.
Install openssl0_9_8 on a Windows 2000/XP PC
Navigate to C:\OpenSSL\bin
Create the cert request on behalf of the WLC. This creates the private key "mykey.pem" and the request "myreq.pem". Fill in the information and put the WLC hostname as the CN. Remember the password!
OpenSSL> req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem
Open myreq.pem in WordPad and copy the contents
Go to https://ca_servert/certcrv and log in as administrator
Request a Certificate
Advanced Request
Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
Paste the request and select Template Web Server
Download the cert in Base 64 format and save it to the OpenSSL folder as certnew.cer
Run the next command to merge the cert with the private key file
OpenSSL> pkcs12 -export -in certnew.cer -inkey mykey.pem -out finalcert.p12 -clcerts -passin pass:cisco -passout pass:cisco
You then need to convert the p12 file into a pem file for the controller
OpenSSL> pkcs12 -in finalcert.p12 -out final.pem -passin pass:cisco -passout pass:cisco
The cert is now created. Upload it to the controller as type webadmincert, and don't forget to add a DNS entry for the hostname!
The same process can also be used for adding device certs for Local EAP. You will also require the CA Cert to be installed on the controller.
Request the CA cert and download it in DER format, then convert it to PEM
OpenSSL> x509 -in rootca.cer -inform DER -out rootca.pem -outform PEM
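Before final.pem is uploaded, it is worth confirming that the issued certificate belongs to the private key in the bundle and names the WLC hostname. The script below is an added example, not part of the original post: the function names and the wlc1.example.test hostname are assumptions, and it expects a POSIX shell with a current OpenSSL rather than the OpenSSL> prompt used above.

```shell
#!/bin/sh
# Pre-upload checks for a PEM bundle (certificate + private key) such as final.pem.
# check_wlc_bundle and make_sample_bundle are hypothetical names for this example.
# usage: check_wlc_bundle <bundle.pem> <key-password> <wlc-hostname>
check_wlc_bundle() {
    bundle=$1 pass=$2 host=$3

    # Public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null)
    # Public key derived from the private key; the password is only needed
    # when the key block in the bundle is encrypted.
    key_pub=$(openssl pkey -in "$bundle" -passin "pass:$pass" -pubout 2>/dev/null)

    if [ -z "$cert_pub" ]; then echo "FAIL: no certificate in $bundle"; return 1; fi
    if [ -z "$key_pub" ]; then echo "FAIL: private key missing or wrong password"; return 1; fi
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate was not issued for this private key"; return 1
    fi
    # The page puts the WLC hostname in the CN; -checkhost also honours SAN entries.
    if ! openssl x509 -in "$bundle" -noout -checkhost "$host" | grep -q "does match"; then
        echo "FAIL: certificate does not name $host"; return 1
    fi
    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$bundle" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired"; return 1
    fi
    echo "OK: $bundle holds a matching key and certificate for $host"
}

# Constructed sample input: a throwaway self-signed certificate and key for
# wlc1.example.test, concatenated into one file like the bundle above.
make_sample_bundle() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=wlc1.example.test" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
        cat "$dir/cert.pem" "$dir/key.pem" > "$dir/final.pem"
}

# Run directly as: sh check.sh final.pem cisco <wlc-hostname>
if [ $# -eq 3 ]; then check_wlc_bundle "$@"; fi
```

A mismatch between certnew.cer and mykey.pem usually means the request was regenerated after submission, which overwrites the key the CA signed for.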