Cisco 2000 Series Wireless LAN Controller Technical Manual

!--- This is the same password that is mentioned in step 16 of the previous section.
 
 
 MAC verified Ok 
 Enter PEM Pass phrase   :  cisco 
 
!--- Specify any passphrase here. This example uses the PEM passphrase as cisco.
 
 
 Verifying - PEM pass phrase : cisco 
The certificate file is converted to PEM format. The next step is to download the PEM format device certificate to the WLC.
Note: Before you start, you need TFTP server software on the PC from which the PEM file is going to be downloaded. This PC
should have connectivity to the WLC. The TFTP server should have its current and base directory set to the location
where the PEM file is stored.
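A pre-transfer check for the converted file, as an added example that is not part of the original Cisco document: TFTP carries the file without encryption or authentication, so the PEM passphrase is what protects the private key in transit. The function names and sample data are constructed for illustration, and the check assumes the converted file holds the device certificate together with its private key.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def inspect_pem_bundle(text):
    """Summarise the PEM blocks in a device-certificate file and list problems."""
    labels, keys, problems = [], [], []
    for label, body in PEM_BLOCK.findall(text):
        labels.append(label)
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Traditional OpenSSL key blocks put "Name: value" headers before the base64.
        headers = [ln.replace(" ", "") for ln in lines if ":" in ln]
        payload = "".join(ln for ln in lines if ":" not in ln)
        try:
            base64.b64decode(payload, validate=True)
        except ValueError:
            problems.append(f"{label}: payload is not valid base64")
        if label.endswith("PRIVATE KEY"):
            encrypted = label == "ENCRYPTED PRIVATE KEY" or "Proc-Type:4,ENCRYPTED" in headers
            keys.append(encrypted)
            if not encrypted:
                problems.append(f"{label}: private key is not passphrase-protected")
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block found")
    if not keys:
        problems.append("no private key block found")
    return {"labels": labels, "key_encrypted": bool(keys) and all(keys), "problems": problems}

def pem_block(label, raw, headers=""):
    # Constructed sample data: placeholder bytes, not a real certificate or key.
    return f"-----BEGIN {label}-----\n{headers}{base64.b64encode(raw).decode()}\n-----END {label}-----\n"

CERT = pem_block("CERTIFICATE", b"constructed certificate placeholder")
GOOD = "Bag Attributes\n    friendlyName: constructed\n" + CERT + pem_block(
    "ENCRYPTED PRIVATE KEY", b"constructed encrypted key placeholder")
BAD = CERT + pem_block("RSA PRIVATE KEY", b"constructed cleartext key placeholder")

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, inspect_pem_bundle(sample))
```

An empty problems list means the file has a certificate and a passphrase-protected key; it does not verify the certificate chain or the passphrase itself.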
Download the Converted PEM Format Device Certificate to the WLC  
This example explains the download process through the CLI of the WLC. 
1. Log in to the controller CLI.
2. Enter the transfer download datatype eapdevcert command.
3. Enter the transfer download serverip 10.77.244.196 command.
   10.77.244.196 is the IP address of the TFTP server.
4. Enter the transfer download filename ciscowlc.pem command.
   ciscowlc.pem is the file name used in this example.
5. Enter the transfer download certpassword command to set the password for the certificate.
6. Enter the transfer download start command to view the updated settings.
   Then, answer y when prompted to confirm the current settings and start the download process.
This example shows the download command output:  
(Cisco Controller) >transfer download start 
 
Mode............................................. TFTP 
Data Type........................................ Vendor Dev Cert 
TFTP Server IP................................... 10.77.244.196 
TFTP Packet Timeout.............................. 6 
TFTP Max Retries................................. 10 
TFTP Path........................................ 
TFTP Filename.................................... ciscowlc.pem 
 
This may take some time. 
Are you sure you want to start? (y/N) y 
TFTP EAP CA cert transfer starting. 
Certificate installed. 
Reboot the switch to use the new certificate. 
7. Enter the reset system command to reboot the controller. The controller is now loaded with the device certificate.
Install the Root Certificate of PKI into the WLC  
Now that the device certificate is installed in the WLC, the next step is to install the Root Certificate of the PKI to the WLC from
the CA server. Perform these steps:
1. Go to http://<IP address of CA server>/certsrv from a PC that has a network connection to the CA server. Log in as
   the administrator of the CA server.