Skip to main content

Search

How can we help ?

Add a certificate on a Cisco Wireless Controller (Cisco WLC)

Alexandre de THOMASSON
  • Updated

Describes how to install a custom Certificate SSL on your Cisco Wireless Controller to avoid HTTPS warnings

                                                            

 

Why should you use a TSL/SSL certificate?

Before starting, why should you use a certificate? TLS/SSL certificates secure internet connections by encrypting your data. They ensure data is transmitted privately, without modification, loss, or theft. Adding a certificate to your WLC will provide a safer internet experience for your users.

Moreover, some browsers might block authentication on HTTP pages. Using a certificate will permit access to HTTPS pages, and your users will be able to authenticate.

Now, we can see how to add a certificate to your Cisco WLC.

 

Step 1: Configure a TFTP server:

First, you have to configure a TFTP server. (You can download an accessible TFTP Server by following this link)

Add the certificate to your TFTP-Root directory. This directory has to be the storage of the TFTP server.

TFTP server setup on Cloudi-Fi captive portal

 

Step 2: Download the SSL certificate to set the TFTTP IP address:

Then, on your WLC, go to Security Web Auth Certificate.

Click on « Download SSL Certificate.»

Set your TFTP server’s IP address, the certificate file name (don’t forget the filename extension « .pem ») and the certificate password.

(Your certificate has to be as described in this link: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html)

(If you encounter some problems installing your certificate, you can follow this link: https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/215425-troubleshoot-certificate-installation-on.html)

You can press « Apply.» The certificate is downloaded on the controller.

Once the transfer is completed successfully, go to Controller Interfaces.

Select your virtual interface. Change the IP Address to « 192.0.2.2 » and the DNS Host Name to « login.3wi.fi ».

 

Step 3: Enable HTTP Access AND WebAuth SecureWeb

In Management > HTTP/HTTPS, Enable

- HTTP Access

- HTTPS Access

- HTTPS Redirection

- WebAuth SecureWeb 

Cisco WLC Interface - Enable WebAuth SecureWeb for SSL certificate

 

Step 4: Reboot your Controller

Now, you have to reboot your controller. The new certificate takes effect after that.

 

                                                            

You can access the Cisco how-to Video and Solution Brief from the Cloudi-fi Cisco Partner page.