Cisco provide an excellent guide on how to create a CSR for a wireless LAN controller so that a certificate signed by a public CA can be installed. This is often very useful if you are using the WLC as a guest controller and want to prevent browser security messages that pop up in a guest’s browser each time they access your guest wireless network. It also details how to install the chained certificate (provided by a public CA) on to the WLC. The certificate in the examples shown in the document uses a ‘.pem’ (Privacy Enhanced Mail) format file.

The method described in the (Cisco) document involves generating a CSR using OpenSSL version 0.9.8 to create a certificate request which is then submitted to a public CA such as Thawte, Verisign etc. It should be possible to generate CSRs using other methods (other than OpenSSL), but you may not end up with a resultant certificate file in the required file format to import into your WLC.

I had an instance recently where a customer had generated a certificate using their usual CSR method (I’m not too sure what they used), but the resulting file they received from their public CA (Thawte in this case) was a ‘.pfx’ file (Personal Information Exchange). The file required to import into a WLC is a ‘.pem’ file (see this page for more information about various certificate file formats). So, I was in a bit of a tight spot, as the supplied ‘.pfx’ file was the incorrect format. I tried (in desperation) to import it anyhow, but it just failed with a rather unhelpful ‘file transfer error’ message.

So I had a dig about on the Internet and found a very useful document which walked through the process of how to convert the pfx file into a format I could use to create my final pem file. To convert from pfx to pem format, I still needed the services of OpenSSL, which I installed onto my Windows 7 laptop. You can get it from this page, but make sure you get the 0.9.8 version, otherwise the resultant files will not work on a Cisco WLC (you have been warned). Also, I believe that this process can only be performed if the pfx file you have been supplied with allows the export of the private key (this would have been specified as part of the certificate request). You will also need to know the import password for the certificate, which will have been specified when creating the original CSR.

Extract and verify various elements from the pfx file. Completion of the process described in the original Cisco configuration document to generate the final ‘.pem’ file.
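
The pfx extraction and verification step mentioned in this post can be sketched as follows. This is an added example, not taken from the original post or from the Cisco document; the file names, the sample certificate and the password are constructed, and an RSA key is assumed.

```shell
#!/bin/sh
# Added example: file names, subject and password are constructed placeholders.

# Build a throwaway self-signed RSA key/cert and wrap them in a .pfx so the
# steps below can be tried offline before touching the real bundle.
make_sample_pfx() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=guest.example.test" \
        -keyout "$dir/orig.key" -out "$dir/orig.crt" 2>/dev/null &&
    PFX_PASS=$2 openssl pkcs12 -export -inkey "$dir/orig.key" \
        -in "$dir/orig.crt" -out "$dir/sample.pfx" -passout env:PFX_PASS
}

# Extract the private key and the device certificate from a .pfx.
# The password is passed via the environment so it is not visible in the
# process list. Fails on a wrong import password or a bundle without a key.
extract_from_pfx() {
    pfx=$1; out=$3
    # The key is written unencrypted (-nodes), so restrict its permissions.
    ( umask 077
      PFX_PASS=$2 openssl pkcs12 -in "$pfx" -nocerts -nodes \
          -passin env:PFX_PASS -out "$out/key.pem" 2>/dev/null ) || return 1
    PFX_PASS=$2 openssl pkcs12 -in "$pfx" -clcerts -nokeys \
        -passin env:PFX_PASS -out "$out/cert.pem" 2>/dev/null || return 1
    grep -q "PRIVATE KEY" "$out/key.pem"
}

# Verify that a private key belongs to a certificate by comparing the
# public key derived from each (both are printed as SubjectPublicKeyInfo PEM).
key_matches_cert() {
    k=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage: script.sh bundle.pfx 'import-password' output-directory
if [ "$#" -eq 3 ]; then
    extract_from_pfx "$1" "$2" "$3" &&
    key_matches_cert "$3/key.pem" "$3/cert.pem" &&
    echo "private key matches certificate"
fi
```

Delete the unencrypted `key.pem` once the final file for the WLC has been built.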