It's that time again. I’m updating the webauth cert for a good number of WLCs. The newer WLC code has an option to generate a certificate signing request directly from the WLC. While that option is great for a single WLC, it is cumbersome repeating the process to update a large number of WLCs. Instead, I'll trade off by spending more time upfront preparing one certificate file I can use on all of the WLCs. I’m going with the good 'ole OpenSSL method to generate a CSR for a wildcard cert. I’ll have it signed by a public CA, combine the device cert, intermediate CA cert, and root CA cert. Then I’ll massage it with OpenSSL to include the private key (created by OpenSSL during the CSR process). That version of the certificate file will then be uploaded to all of the different WLCs in the organization.
The Tech Note write-up from Cisco with the specific CLI commands for OpenSSL is at the following URL.
Document Name: Generate CSR for Third-Party Certificates and Download Chained Certificates to the WLC
Document ID: 109597