Certificate Installation: Cisco WLAN 4400
Procedure for Uploading Chained Certificates to the Cisco WLAN 4400:
When you receive the .zip file from PKI Partner, it will contain the following files: the entity (domain) certificate, the root certificate, and the intermediate certificate. You will need to combine them into one .pem file.
To combine the .crt files into a single .pem file, do the following:
- Open each .crt file in a text editor (Notepad, WordPad, etc.)
- Open an additional blank text editor page
- Copy the contents of each .crt file in this order and paste it into the blank text editor:
-----BEGIN CERTIFICATE-----
*Entity cert*
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
*Intermediate CA cert*
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
*Root CA cert*
-----END CERTIFICATE-----
- Once the certificates are in this order, save the file as “yourdomain.pem”.
To determine which chain of trust you have, please check the document “Which is Root? Which is Intermediate?”.
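A pre-flight check for the hand-assembled bundle, added here as an example (it is not part of the original procedure or of any vendor tool): it confirms that yourdomain.pem holds the certificates in entity, intermediate, root order by comparing each certificate's issuer with the next certificate's subject, and it flags typographic dashes pasted into the BEGIN/END lines. The function names and the constructed sample certificates are assumptions made for this sketch; names are compared byte for byte and signatures are not verified.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+(.*?)\s*-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    pos = tlv(der, 0)[1]                 # step into the Certificate SEQUENCE
    pos = tlv(der, pos)[1]               # step into the tbsCertificate SEQUENCE
    if der[pos] == 0xA0:                 # skip the optional [0] version field
        pos = tlv(der, pos)[2]
    fields = []
    for _ in range(5):                   # serial, sig alg, issuer, validity, subject
        end = tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_bundle(pem_text):
    """List problems in an entity -> intermediate -> root PEM bundle."""
    problems = []
    if any(ch in pem_text for ch in "\u2212\u2013\u2014"):
        problems.append("typographic dash found; BEGIN/END lines need ASCII '-'")
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) < 2:
        return problems + [f"expected a chain, found {len(blocks)} certificate(s)"]
    names = [issuer_subject(base64.b64decode("".join(b.split()))) for b in blocks]
    problems += [f"certificate {i + 1} was not issued by certificate {i + 2}"
                 for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]
    if names[-1][0] != names[-1][1]:
        problems.append("last certificate is not self-issued; the root must be last")
    return problems

def sample_cert(issuer, subject):
    """Constructed input: a minimal certificate-shaped DER blob, not a real cert."""
    t = lambda tag, body: bytes([tag, len(body)]) + body
    name = lambda cn: t(0x30, t(0x0C, cn.encode()))
    tbs = t(0xA0, t(0x02, b"\x02")) + t(0x02, b"\x01") + t(0x30, b"") \
        + name(issuer) + t(0x30, b"") + name(subject)
    b64 = base64.encodebytes(t(0x30, t(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"
```

Call check_bundle on the text of yourdomain.pem before running the pkcs12 step; an empty list means the order matches the one required above.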
Note: OpenSSL is required.
To obtain a copy of OpenSSL for:
Windows: Windows 2000 or better.
Unix-like (Linux, OS X, etc.): OpenSSL.org website for binaries.
Next, combine this file (yourdomain.pem) with the private key that you generated along with the CSR (the private key of the device certificate), which is mykey.pem in this example. Combine the “yourdomain.pem” certificate with the private key, and then convert the file to a .pem file. This final certificate is called “final.pem”.
Issue these commands in the OpenSSL application to achieve this:
openssl>pkcs12 -export -in yourdomain.pem -inkey mykey.pem -out yourdomain.p12 -clcerts
openssl>pkcs12 -in yourdomain.p12 -out final.pem -passin pass:check123 -passout pass:check123
Note:
In this command, you must enter a password for the parameters -passin and -passout.
The password that is configured for the -passout parameter must match the certpassword parameter that is configured on the WLC.
In this example, the password that is configured for both the -passin and -passout parameters is check123.
“final.pem” is the file that we need to upload to the Wireless LAN Controller. The next step is to upload this file to the WLC as a Vendor device certificate.