Cisco Cisco 2000 Series Wireless LAN Controller Technisches Handbuch
In step 2 of the
Download the Converted PEM Format Device Certificate to the WLC
section, the command to
download the certificate to the WLC is:
(Cisco Controller)>transfer download datatype eapcacert
The file to be downloaded to the WLC is certnew.pem.
You can verify whether the certificates are installed on the WLC from the controller GUI as follows:
From the WLC GUI, click Security. In the Security page, click Advanced > IPSec Certs from the tasks that appear on the
left. Click CA Certificate in order to view the CA certificate installed. Here is the example:
left. Click CA Certificate in order to view the CA certificate installed. Here is the example:
In order to verify whether the device certificate is installed on the WLC, from the WLC GUI, click Security. In the Security
page, click Advanced > IPSec Certs from the tasks that appear on the left. Click ID Certificate in order to view the device
certificate installed. Here is the example:
page, click Advanced > IPSec Certs from the tasks that appear on the left. Click ID Certificate in order to view the device
certificate installed. Here is the example:
Generate a Device Certificate for the Client
Now that the device certificate and the CA certificate are installed on the WLC, the next step is to generate these certificates for
the client.
the client.
Perform these steps in order to generate the device certificate for the client. This certificate will be used by the client to
authenticate to the WLC. This document explains the steps involved in generating certificates for Windows XP professional client.
authenticate to the WLC. This document explains the steps involved in generating certificates for Windows XP professional client.
1.
Go to http://<IP address of CA server>/certsrv from the client that requires the certificate to be installed. Login as
domain nameusername to the CA server. The username should be the name of the user who is using this XP machine,
and the user should already be configured as part of the same domain as the CA server.
domain nameusername to the CA server. The username should be the name of the user who is using this XP machine,
and the user should already be configured as part of the same domain as the CA server.