Cisco Wireless Controller Certificate Renew

Process

A CSR is required per controller, as each controller has its own private key, which cannot be exported. The CN and SAN will be the same on both certs. Unfortunately this comes at additional cost, but without being able to export and share a private key this is the only option.

When submitting the CSRs to the Certificate Authority make sure you add a SAN manually to the request.

Use a command similar to config certificate generate csr-webauth US State "My City" "My Company" My_OU guestwireless.company.com [email protected] RSA to create the private key and CSR. This process does not put any SANs into the CSR; they need to be added manually during CA submission.

The signed certificate needs to be returned to the Cisco device in PEM format, with a .pem extension, and laid out as follows.

-----BEGIN CERTIFICATE-----
* device cert *
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
* intermediate cert *
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
* root cert *
-----END CERTIFICATE-----
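
An added example, not part of the original page or of Cisco's tooling: a shell function for the workstation where the .pem is assembled, which checks that the bundle follows the device, intermediate, root order shown above and that the CA actually added the SAN. It assumes the openssl CLI is installed; the function name check_wlc_bundle and the script name are hypothetical, and it checks name chaining and SAN presence only, not signatures.

```sh
#!/bin/sh
# Added example: pre-upload check for the bundle layout described above.
# Usage: sh check_wlc_bundle.sh BUNDLE.pem HOSTNAME   (script name is hypothetical)
# Checks issuer/subject name chaining and SAN presence only; it does not
# verify signatures or validity dates.
check_wlc_bundle() {
    bundle=$1; host=$2; rc=0
    dir=$(mktemp -d) || return 1
    # Split the bundle into cert1.pem, cert2.pem, ... in file order.
    awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/cert" n ".pem") }' "$bundle"
    count=$(ls "$dir" | wc -l | tr -d ' ')
    if [ "$count" -lt 2 ]; then
        echo "FAIL: expected device cert plus CA chain, found $count certificate(s)"
        rc=1
    fi
    i=1
    while [ "$rc" -eq 0 ] && [ "$i" -le "$count" ]; do
        # Each cert must be issued by the one after it; the last (root)
        # must be issued by itself.
        if [ "$i" -lt "$count" ]; then next=$((i + 1)); else next=$i; fi
        issuer=$(openssl x509 -in "$dir/cert$i.pem" -noout -issuer_hash) || issuer=bad
        subject=$(openssl x509 -in "$dir/cert$next.pem" -noout -subject_hash) || subject=unreadable
        if [ "$issuer" != "$subject" ]; then
            echo "FAIL: cert $i is not issued by cert $next (wrong order or missing CA)"
            rc=1
        fi
        i=$((i + 1))
    done
    # The WLC-generated CSR carries no SAN, so confirm the CA actually added it.
    if [ "$rc" -eq 0 ] && ! openssl x509 -in "$dir/cert1.pem" -noout -text |
            tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$host"; then
        echo "FAIL: device cert has no SAN entry DNS:$host"
        rc=1
    fi
    rm -rf "$dir"
    if [ "$rc" -eq 0 ]; then echo "OK: $count certs, order and SAN look right"; fi
    return "$rc"
}

# Run the check when invoked with a bundle path and hostname.
if [ "$#" -eq 2 ]; then check_wlc_bundle "$1" "$2"; fi
```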

Confirmed working with:

  • Cisco 5508

References