Loading An Externally Generated Https Certificate - Cisco SD2008T-NA Configuration Manual

4400 series wireless lan controller
Enabling Web and Secure Web Modes

Loading an Externally Generated HTTPS Certificate

You use a TFTP server to load the certificate. Follow these guidelines for using TFTP:

- If you load the certificate through the service port, the TFTP server must be on the same subnet as the controller because the service port is not routable. However, if you load the certificate through the distribution system (DS) network port, the TFTP server can be on any subnet.
- A third-party TFTP server cannot run on the same computer as the Cisco WCS because the WCS built-in TFTP server and the third-party TFTP server require the same communication port.

Note: Every HTTPS certificate contains an embedded RSA key. The length of the RSA key can vary from 512 bits, which is relatively insecure, through thousands of bits, which is very secure. When you obtain a new certificate from a Certificate Authority, make sure the RSA key embedded in the certificate is at least 768 bits long.

Follow these steps to load an externally generated HTTPS certificate:

Step 1  Use a password to encrypt the HTTPS certificate in a .PEM-encoded file. The PEM-encoded file is called a Web Administration Certificate file (webadmincert_name.pem).

Step 2  Move the webadmincert_name.pem file to the default directory on your TFTP server.

Step 3  In the CLI, enter transfer download start and answer n to the prompt to view the current download settings:

>transfer download start
Mode........................................... TFTP
Data Type...................................... Admin Cert
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... <directory path>
TFTP Filename..................................
Are you sure you want to start? (y/n) n
Transfer Canceled

Step 4  Use these commands to change the download settings:

>transfer download mode tftp
>transfer download datatype webauthcert
>transfer download serverip TFTP server IP address
>transfer download path absolute TFTP server path to the update file
>transfer download filename webadmincert_name.pem

Step 5  Enter the password for the .PEM file so the operating system can decrypt the Web Administration SSL key and certificate:

>transfer download certpassword private_key_password
>Setting password to private_key_password

Step 6  Enter transfer download start to view the updated settings, and answer y to the prompt to confirm the current download settings and start the certificate and key download:

>transfer download start
Mode........................................... TFTP
Data Type...................................... Site Cert
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... directory path
TFTP Filename.................................. webadmincert_name
Are you sure you want to start? (y/n) y
TFTP Webadmin cert transfer starting.
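
A pre-flight check for the file prepared in Step 1, run on the workstation before the file is moved to the TFTP directory. This is an added example, not part of the Cisco manual. It assumes the .pem file carries both the private key and the certificate as standard PEM blocks, and the sample blocks are constructed placeholders rather than real keys.

```python
import re

# Matches one PEM block: label, then any headers and the base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem(text):
    """Return a list of (label, encrypted) for every PEM block in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        # PKCS#8 marks encryption in the label; the traditional format
        # marks it with a "Proc-Type: 4,ENCRYPTED" header inside the block.
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or "Proc-Type: 4,ENCRYPTED" in body)
        blocks.append((label, encrypted))
    return blocks

def preflight(text):
    """Return a list of problems; an empty list means the file looks ready."""
    blocks = classify_pem(text)
    certs = [b for b in blocks if b[0] == "CERTIFICATE"]
    keys = [b for b in blocks if b[0].endswith("PRIVATE KEY")]
    problems = []
    if not certs:
        problems.append("no CERTIFICATE block")
    if not keys:
        problems.append("no private key block")
    for label, encrypted in keys:
        if not encrypted:
            problems.append(f"{label} is not password-encrypted")
    return problems

# Constructed sample input: the base64 bodies are placeholders, not real keys.
BODY = "Q09OU1RSVUNURUQ=\n"
CERT = "-----BEGIN CERTIFICATE-----\n" + BODY + "-----END CERTIFICATE-----\n"
ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
           + BODY + "-----END RSA PRIVATE KEY-----\n")
PLAIN_KEY = "-----BEGIN PRIVATE KEY-----\n" + BODY + "-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, pem in [("encrypted", ENC_KEY + CERT), ("plain", PLAIN_KEY + CERT)]:
        print(name, preflight(pem) or "ok")
```

The check inspects only the PEM framing; it does not decrypt the key or measure the RSA key length mentioned in the note.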
Cisco Wireless LAN Controller Configuration Guide / Cisco Access Router Wireless Configuration Guide
Chapter 2: Using the Web-Browser and CLI Interfaces
OL-6415-01, OL-9141-03

This manual is also suitable for: Sfe2000p, 4402, 4404, 2000 series, 2100 series