Authorizing Access Points Using Lscs - Cisco 2100 Series Configuration Manual

Chapter 7 Controlling Lightweight Access Points

Authorizing Access Points Using LSCs

You can use an LSC if you want your own public key infrastructure (PKI) to provide better security, to
have control of your certificate authority (CA), and to define policies, restrictions, and usages on the
generated certificates.
The LSC CA certificate is installed on access points and controllers. You need to provision the device
certificate on the access point. The access point gets a signed X.509 certificate by sending a certRequest
to the controller. The controller acts as a CA proxy and receives the certRequest signed by the CA for
the access point.
Note Access points that are configured for bridge mode are not supported.
Using the GUI to Configure LSC
Using the controller GUI, follow these steps to enable the use of LSC on the controller.
Click Security > Certificate > LSC to open the Local Significant Certificates (LSC) page (see
Step 1
Figure
Figure 7-5
Click the General tab.
Step 2
To enable LSC on the system, check the Enable LSC on Controller check box.
Step 3
In the CA Server URL field, enter the URL to the CA server. You can enter either a domain name or an
Step 4
IP address.
In the Params fields, enter the parameters for the device certificate. The key size is a value from 384 to
Step 5
2048 (in bits), and the default value is 2048.
Click Apply to commit your changes.
Step 6
OL-17037-01
7-5).
Local Significant Certificates (LSC) Page
Autonomous Access Points Converted to Lightweight Mode
Cisco Wireless LAN Controller Configuration Guide
7-19