Bulk Update WLC WebAuth Certificate

It's that time again. I’m updating the webauth cert for a good number of WLCs. The newer WLC code has an option to generate a certificate signing request directly from the WLC. While that option is great for a single WLC, it is cumbersome repeating the process to update a large number of WLCs. Instead, I'll trade off by spending more time upfront preparing one certificate file I can use on all of the WLCs. I’m going with the good 'ole OpenSSL method to generate a CSR for a wildcard cert. I’ll have it signed by a public CA, combine the device cert, intermediate CA cert, and root CA cert. Then I’ll massage it with OpenSSL to include the private key (created by OpenSSL during the CSR process). That version of the certificate file will then be uploaded to all of the different WLCs in the organization.

The Tech Note write-up from Cisco with the specific CLI commands for OpenSSL is at the following URL.

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html

Document Name: Generate CSR for Third-Party Certificates and Download Chained Certificates to the WLC

Document ID: 109597

Wildcard Cert ASA

Happy New Year! Here's to hoping 2021 is a great year!

 

This is a quick reminder to myself on how to import wildcard SSL certs into an ASA. I refer to "Tony's Geek stuff" and the great write-up there. Please see the following URL.

 

 http://blog.tonns.org/2013/02/importing-ssltls-wildcard-certificate.html

 

Also, the ADSM allowed me to generate a CSR and I was able to generate a wildcard certificate against that CSR. If I'm still supporting ASA's next year this should prove to come in handy.

 

Continuing Education Program

I had the pleasure of re-certifying my CCIE this year using the Continuing Education Program. Cisco rewarded me by renewing my status for 2 more years and unlocking the 10 year badge.

10 years? That has to be a mistake right? It feels like I just passed the lab in San Jose a couple of years ago. What do you mean there isn't a CCIE lab in San Jose anymore? Hmm, maybe it really was 10 year ago. Wow, time flies when you're doing what you love!