Articles in Root

How to Generate a CSR on a Cisco WLC

Problem

How to Generate a CSR on a Cisco WLC

 

Solution

There are two ways to generate a CSR for the Cisco WLAN Controller. You can create one manually using OpenSSL or if your version of WLC is greater than 8.3.102, you can use the WLC itself to generate it.

The OpenSSL Method

Install and open the OpenSSL.
Important Note: If your WLC version is less than 7.5, then you must use OpenSSL Version 0.9.8.  If you are using WLC version 7.5 or above, support for OpenSSL Version 1.0 has been added.


Run the following command in OpenSSL:

openssl req -new -newkey rsa:2048 -keyout mykey.key -nodes -out mycsr.csr

 

You must retain the file 'mykey.key' above as this is your private key.  The file, 'mycsr.csr' is your Certificate Signing Request (CSR) and this is the file you must submit to QuoVadis.

Creating the CSR within WLC

If your WLC runs Software Version 8.3.102 or later, then it is recommended to use the WLC to generate the CSR.
Important Note: Once you generate a new CSR, you MUST finish the certificate installation process before rebooting the device. Failure to do so will render your WLC completely unreachable on HTTPS as the WLC will use the newly generated CSR key after reboot which has no certificate tied to it.


In order to generate a CSR for web authentication, enter this command:

(WLC) >config certificate generate csr-webauth [ISO Country Code] [State/Province] [Locality/City] [Organization Name] [Organization Unit] [Common Name] [Email Address]


Example:
(WLC) >config certificate generate csr-webauth BM Pembroke Hamilton QuoVadis WLC wifi.quovadisglobal.com noreply@quovadisglobal.com


In order to generate a CSR for the webadmin, the command changes slightly:


(WLC) >config certificate generate csr-webadmin [ISO Country Code] [State/Province] [Locality/City] [Organization Name] [Organization Unit] [Common Name] [Email Address]


Example:
(WLC) >config certificate generate csr-webadmin BM Pembroke Hamilton QuoVadis WLC wifi.quovadisglobal.com noreply@quovadisglobal.com


The CSR will be displayed within the terminal after you enter in the command.  You must copy the text within the terminal and paste it into a plain text editor and then save it on your computer.

Note: When you run this command again, it will overwrite the previous private keys.

Submit to QuoVadis

Once you have your Certificate Signing Request, submit it to Trust/Link.