AirmagnetSurveyPro8. DownloadCisco WLC CLI Commands. Its that time of year and our Cisco WLC Web Authentication Certificate is close to expiration. Certificates are not my strong point and its not often I have to deal with them outside of ACS and the controllers. So I wanted to document these steps for my benefit for next go around. This is a step by step how to creating a CSR Certificate Signing Request with OPENSSL, processing a third party certificate that is CHAINED and download it to the Cisco WLC. Dependency Homework. Its always important to check your dependencies and NEVER assume. WLC versions earlier than 5. I-h1cErP1Q/0.jpg' alt='Airmagnet Survey Pro 8.0 Download' title='Airmagnet Survey Pro 8.0 Download' />This chapter describes the basic information necessary to understand radio frequency RF considerations in planning for various wireless local area network WLAN. DO NOT support chained certificates, ONLY ROOT SIGNED certificates. WLC versions 5. 1. Certificate Levels evel 0 Use of only a server certificate on WLCLevel 1 Use of server certificate on WLC and a CA root certificate. A question was asked on Cisco Support Community CSC enquiring about what antenna is deactivated when a Cisco 3700 access point doesnt receive a full 16. Watts. Level 2 Use of server certificate on WLC, one single CA intermediate certificate, and a CA root certificate. Level 3 Use of server certificate on WLC, two CA intermediate certificate, and a CA root certificate. Entrust does not support root signed certificates unchained as of 1. Since my anchors are on 4. I will be upgrading my controller code. When anchoring, the remote and anchor controllers connect using Eo. Airmagnet Survey Pro 8.0 Download' title='Airmagnet Survey Pro 8.0 Download' />
IP tunnels. Below is a quick look at supported code levels. Although, Cisco will tell you its best practice to have your Anchors and Remote WLCs on the same version of code. Softball Nation Chesterfield Va. Why a signed certificate on the Cisco Anchor WLC The Anchor WLC is configured with HTTPS. When a guest user connects to the wireless guest network they will be presented with a WLC self signed certificate or an expired certificate. As such, this will cause the please accept this certificate screen. By installed a signed CA certificate, you negate this screen and users move directly to the accept screen. Its really a inconvenience to the end user. OPENSSLIf this is your first time using OPENSSL, it could be a little intimidating, but it isnt really as bad as you think. Everything is scripted. Before starting, you will need to download and unzip OPENSSL. You will notice a number of versions. I used windows version ,0. CSR. I unzipped OPENSSL in a folder off my C drive. C openssl http www. Generate a CSRA CSR stands for certificate signing request. This is the first step in the certificate process. After you have OPENSSL installed you want to launch openssl. You then enter the following script. C opensslbin openssl. Open. SSL req new newkey rsa 2. Note The WLC supports a maximum key size of 2. You will be presented with a number of questions. Your company name, state, country, common name etc. Its important to enter this information correctly. This data gets checked against the CA information on file. It is also important the CN common name matches the DNS A record for your virtual IP. You will also be prompted to enter an optional password. This is important, as it adds an extra layer of security and prevents someone compiling the certificate without the password. Open. SSL req new newkey rsa 2. Loading screen into random state done Generating a 2. RSA private key. writing new private key to mykey. You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value, If you enter., the field will be left blank. Country Name 2 letter code AU USState or Province Name full name SomeState TXLocality Name eg, city Houston. Organization Name eg, company Internet Widgits Pty Ltd Mycompany. Organizational Unit Name eg, section ITCommon Name eg, YOUR name guest. Email Address itmycompany. Please enter the following extra attributes to be sent with your certificate request. A challenge password TESTESTAn optional company name Open. SSL 3 Once you are complete. You will find 2 files in the bin folder. The mykey. pem is your portion of the CSR which will be used later. Keep this in a safe place. The myreq. pem is your CSR ,which is sent to your CA. If you change the file type from. The CA will reply with a digitally signed certificate chain. Jordi Savall Blogspot here. You will receive three certificates. Root Certificate. Intermediate Certificate. Device Certificate. The next step, you will want to take the 3 certificates and change the extension to. Entrust. cer. L1. Cchainroot. cer. L1. Croot. cer. Once the extensions are converted to. Open notepad and cut and paste the certificates in this order BEGIN CERTIFICATEevice certEND CERTIFICATEBEGIN CERTIFICATEntermediate CA cert END CERTIFICATEBEGIN CERTIFICATEoot CA cert END CERTIFICATE NOTE THESE ARE NOT REAL CERTIFICATES It is important you put the certs in the correct order device, intermediate, root. Device Certificate. Intermediate Certificate. Root Certificate Specific to Entrust your cert order would be the following Device Certificate L1. Croot. Intermediate Certificate L1. Cchainroot. Root Certificate Entrust NOTE IF YOU OPEN THE ROOT CERTIFICATE THIS WILL CONTAIN YOUR CN COMMON NAME 6 Save the file as All certs. In this step you will combine your mykey. All certs. pem. Open up OPENSLL again. Enter the following C opensslbin openssl. Open. SSL pkcs. All certs. All certs. p. 12 clcerts passin pass TESTTEST passout pass TESTTESTLoading screen into random state done. Open. SSL pkcs. All certs. TESTTEST passout pass TESTTESTMAC verified OKOpen. SSL NOTE YOU ENTER THE PASSWORD YOU CREATED DURING THE CSR CREATION 8 When you are done you will have 1 file, called final cert. This is the certificate you will download to your Anchor WLC. Enter your WLC Security Web Auth Certificate. Check, check box Download SSL Certifciate and enter your TFTP information and your certificate password.