Chapter 2 Using the
Enabling Web and Secure Web Modes
Using the CLI, follow these steps to enable HTTPS:
Step 1 Enter show certificate summary to verify that the controller has generated a certificate:
>show certificate summary |
| ||
Web | Administration | Certificate | Locally Generated |
Web | Authentication | Certificate | Locally Generated |
Certificate compatibility mode: | off |
Step 2 (Optional) If you need to generate a new certificate, enter this command:
>config certificate generate webadmin
After a few seconds the controller verifies that the certificate is generated:
Web Administration certificate has been generated
Step 3 Enter this command to enable HTTPS:
>config network secureweb enable
Step 4 Save the SSL certificate, key, and secure web password to NVRAM
>save config
Are you sure you want to save? (y/n) y
Configuration Saved!
Step 5 Reboot the controller:
>reset system
Are you sure you would like to reset the system? (y/n) y
System will now restart!
The controller reboots.
Loading an Externally Generated HTTPS Certificate
You use a TFTP server to load the certificate. Follow these guidelines for using TFTP:
•If you load the certificate through the service port, the TFTP server must be on the same subnet as the controller because the service port is not routable. However, if you load the certificate through the distribution system (DS) network port, the TFTP server can be on any subnet.
•The TFTP server cannot run on the same computer as the Cisco Wireless Control System (WCS) because WCS and the TFTP server use the same communication port.
Note Every HTTPS certificate contains an embedded RSA Key. The length of the RSA key can vary from 512 bits, which is relatively insecure, through thousands of bits, which is very secure. When you obtain a new certificate from a Certificate Authority, make sure the RSA key embedded in the certificate is at least 768 bits long.
Cisco Wireless LAN Controller Configuration Guide
|
| ||
|
|