If you have tried to install a third party certificate on a Cisco WLC in the past, you probably already know there is a specific process and format that the controller is looking for . If you haven’t, you’re in luck. I put a quick, easy guide together that I have had saved in my email to use year after year for renewals. Here is that guide. This guide utilizes openssl, in my case on a linux VM, but you can use the Windows version as well. I have heard in the past from multiple people that it must be version 0.9.8 or earlier, but I have not tried a later version yet myself.
Cisco WLC Certificate Installation Guide
Using openssl, generate the CSR that you will give to your third party certificate signer:
openssl req -new -newkey rsa:2048 -nodes -out wireless_mycompany_com.csr -keyout wireless_mycompany_com.key -subj "/C=US/ST=Ohio/L=Cleveland/O=My Business Name/OU=Information Systems/CN=wireless.mycompany.com"
Next you send that CSR to your third party certificate authority such as Thawte or any other CA of your choice. You should receive have an SSL certificate, intermediate cert, and a root cert. Open each of these files in notepad and merge them all into one file, not leaving any spaces. The order you should enter them in is SSL certificate, intermediate certificate, and root certificate. Save this new file as “chainedcert.cer”.
Next you want to bundle this chained certificate you just created with the original CSR key file from the first step. This will be bundled into a PKCS12 file with the following command:
openssl pkcs12 -export -out wireless.pfx -inkey wireless_mycompany_com.key -in chainedcert.cer
Lastly, the controller wants the certificate in PEM format with a key on it. You need to convert the newly created wireless.pfx to PEM and choose the key you want to use. That is done with this command:
openssl pkcs12 -in wireless.pfx -out wireless-cert.pem
That’s the whole process! From here, copy the wireless-cert.pem file to your WLC from your favorite tftp server. You will be prompted to then reboot the controller to complete the installation. If you have any issues, leave a comment below!