Skip to main content

Search

How can we help ?

Add a certificate on a Cisco Wireless Controller (Cisco 9800)

Alexandre de THOMASSON
  • Updated

Describes how to install a custom Certificate SSL on your Cisco Wireless Controller 9800 to avoid HTTPS warnings.

                                                            

Before starting, why should you use a certificate? TLS/SSL certificates secure internet connections by encrypting your data. They ensure that data is transmitted privately, without modifications, loss, or theft. By adding a certificate to your WLC, you will ensure a safer internet experience for your users.

Moreover, some browsers might block authentication on HTTP pages. Using a certificate will permit access to HTTPS pages, and your users will be able to authenticate.

 

First, you have to configure a TFTP server. (You can download a free TFTP Server by following this link: https://www.solarwinds.com/fr/free-tools/free-tftp-server)

Add the certificate to your TFTP-Root directory. This directory has to be the storage of the TFTP server.

Import the Certificate

Then, on your Cisco 9800, go to Configuration Security PKI Management

In the PKI Management window, click the Add Certificate tab and expand the PKCS12 Certificate menu and fill in the TFTP details or use the Desktop (HTTPS) option in the Transport Type.

Verify the certificate chain, which must contain the following 

------BEGIN CERTIFICATE------
*Device cert*
------END CERTIFICATE------
------BEGIN CERTIFICATE------
*Intermediate CA cert *
------END CERTIFICATE--------
------BEGIN CERTIFICATE------
*Root CA cert *
------END CERTIFICATE------

The certificate must be in a PKCS12 format.

 

Certificate Password refers to the password used when the PKCS12 certificate was generated.

Click on Import. After that, you should see the new certificate in the Key Pair Generation tab.

 

Use the new Certificate.

Go to Administration Management HTTP/HTTPS/Netconf and choose the imported certificate from the Trust Points drop-down list and Save.

 

Navigate to Configuration Security Web Auth, choose the global parameter map, and choose the imported trust point from the Trustpoint drop-down list. Click Update & Apply to save the changes. Ensure that the Virtual IPv4 Hostname matches the Common Name in the certificate.

 

The new certificate takes effect after you reboot your controller.