25 Apr 12 Renew 3rd party Certificate on Cisco WLC 5508

How to renew and upload the third party Certificate on Cisco WLC 5508 for Web Authentication

If you need to generate a CSR Certificate Signing Request for Third Party Certificate and then load it up on your Cisco Wireless LAN Controller 5508. This is a pretty good guide and I used it myself to load the very first one. . Now this is all good however what happens once this certificate expires and you get it renewed and now you have to reload it. I wasn’t able to get specific information about it right away so hopefully this post will not only help me in future but also others :).

First and most important thing is, “hopefully you saved your private key” from when you initially setup your certificate. Because if you do have it then you do not have to start the whole process again. I save everything so I simply located my private key for the Cisco WLC 5508 and did the following: Note: This applies to Verisign which is what we use

  • So first I got the renewed Verisign Certificate and got hold of my old vs.pem file that I used initially
  • Next I replaced the old Verisign Certificate lines with the new ones and saved it This is the key step I guess
  • Now I took vs.pem and myprivatekey.pem files put them in the c:\openssl\bin folder
  • From the command prompt I changed to that folder and typed openssl
  • Next I used the following two commands:
  • pkcs12 -export -in vs.pem -inkey myprivatekey.pem -out vscert.p12 -clcerts -passin pass:12345 -passout pass:12345

    pkcs12 -in vscert.p12 -out vscert.pem -passin pass:12345 -passout pass:12345

  • So now I had the vscert.pem file just like before that I can load on the Cisco WLC 5508
  • Now get the Cisco WLC 5508 ready and load the new cert
  • I ran the following commands on the Cisco 5508 WLC:

    ** transfer download mode tftp
    ** transfer download datatype webauthcert
    ** transfer download serverip x.x.x.x
    ** transfer download path ./(I just typed that as my TFTP folder resides on the C:\TFTP)
    ** transfer download filename vscert.pem
    ** transfer download certpassword 12345
    ** Setting password to 12345
    ** transfer download certpassword 12345
    ** Setting password to 12345

  • Now Cisco WLC 5508 is ready to get the renewed Verisign Cert for the web authentication
  • Type the following command to start the process: transfer download start
  • You will see the screen like below, once it is done, just SAVE the config and reset the 5508 Wireless LAN Controller. New Verisign Certificate will take over

Note: These are the steps that I took to renew and then upload the renewed certificate from Verisign on Cisco 5508 WLC. Use this as a reference, always backup your configurations, do some research if you are not certain, don’t do something that you can’t undo 🙂

Tags: , ,

WordPress SEO