Loading An Externally Generated Ssl Certificate - Cisco 2100 Series Configuration Manual

Chapter 2 Using the Web-Browser and CLI Interfaces
To save the SSL certificate, key, and secure web password to non-volatile RAM (NVRAM) so that your
Step 7
changes are retained across reboots, enter this command:
save config
To reboot the controller, enter this command:
Step 8
reset system

Loading an Externally Generated SSL Certificate

You can use a TFTP server to download an externally generated SSL certificate to the controller. Follow
these guidelines for using TFTP:
•
•
Every HTTPS certificate contains an embedded RSA key. The length of the key can vary from 512 bits,
Note
which is relatively insecure, to thousands of bits, which is very secure. When you obtain a new certificate
from a Certificate Authority, make sure that the RSA key embedded in the certificate is at least 768 bits
long.
Using the GUI to Load an SSL Certificate
Follow these steps to load an externally generated SSL certificate using the controller GUI.
On the HTTP Configuration page, check the Download SSL Certificate check box (see
Step 1
Figure 2-2
OL-17037-01
If you load the certificate through the service port, the TFTP server must be on the same subnet as
the controller because the service port is not routable, or you must create static routes on the
controller. Also, if you load the certificate through the distribution system network port, the TFTP
server can be on any subnet.
A third-party TFTP server cannot run on the same computer as the Cisco WCS because the WCS
built-in TFTP server and the third-party TFTP server require the same communication port.
HTTP Configuration Page
Using the Web-Browser Interface
Cisco Wireless LAN Controller Configuration Guide
Figure 2-2).
2-5