Cisco Systems OL-7426-03 , , , CAUTION:, Note:

5/26/05 Adding SSL to the Web User Interface

OL-7426-03

•Buy or create your own Web Administration SSL key and certificate. If not already done, use a

password, <private_key_password>, to encrypt the key and certificate in a .PEM encoded file.

The PEM-encoded file is called a Web Administration Certificate file

(<webadmincert_name>.pem).

•Move the <webadmincert_name>.pem file to the default directory on your TFTP server.

•Refer to the Using the Cisco WLAN Solution CLI section to connect and use the CLI.

•In the CLI, use the transfer download start command, and answer ‘n’ to the prompt, to view

the current download settings:

>transfer download start

Mode........................................... TFTP

Data Type...................................... Admin Cert

TFTP Server IP................................. xxx.xxx.xxx.xxx

TFTP Path...................................... <directory path>

TFTP Filename..................................

Are you sure you want to start? (y/n) n

Transfer Canceled

•To change the download settings, use the following:

>transfer download mode tftp

>transfer download datatype webauthcert

>transfer download serverip <TFTP server IP address>

>transfer download path <absolute TFTP server path to the update file>

>transfer download filename <webadmincert_name>.pem

•Enter the password for the .PEM file, so Operating System can decrypt the Web Administration

SSL key and certificate:

>transfer download certpassword <private_key_password>

>Setting password to <private_key_password>

•In the CLI, use the transfer download start command to view the updated settings, and

answer ‘y’ to the prompt to confirm the current download settings and start the certificate and

key download:

>transfer download start

Mode........................................... TFTP

Data Type...................................... Site Cert

TFTP Server IP................................. xxx.xxx.xxx.xxx

TFTP Path...................................... <directory path>

TFTP Filename.................................. <webadmincert_name>

Are you sure you want to start? (y/n) y

TFTP Webadmin cert transfer starting.

CAUTION: Each certificate has a variable-length embedded RSA Key. The RSA key

can be from 512 bits, which is relatively insecure, through thousands of bits, which is

very secure. When you are obtaining a new certificate from a Certificate Authority

(such as the Microsoft CA), MAKE SURE the RSA key embedded in the certificate is

AT LEAST 768 Bits.

Note: Some TFTP servers require only a forward slash “/” as the <TFTP server IP

address>, and the TFTP server automatically determines the path to the correct

directory.