Cisco Systems OL-7426-03 quick start Externally-Generated Certificate

•Verify that the Web Administration certificate is properly loaded:

>show certificate summary

•Save the SSL certificate, key and secure web password in active working memory to NVRAM (non-volatile RAM) so your changes are retained across reboots:

>save config

Are you sure you want to save? (y/n) y

Configuration Saved!

•Reboot the Cisco Wireless LAN Controller:

>reset system

Are you sure you would like to reset the system? (y/n) y

System will now restart!

The Cisco Wireless LAN Controller completes the bootup process as described in the Connecting and Using the CLI Console Step in the appropriate Cisco Wireless LAN Controller

Quick Start Guide.

•Make sure that client operators know that they may securely associate with the Cisco WLAN Solution.

Refer to the Transferring Files To and From a Cisco Wireless LAN Controller section for other file upload and download instructions.

Externally-Generated Certificate

Should you desire to use your own WebAuth SSL certificates, complete the following:

•Make sure you have a TFTP server available for the Operating System software download:

-If you are downloading through the Service port, the TFTP server MUST be on the same subnet as the Service port, because the Service port is not routable.

-If you are downloading through the DS (Distribution System) network port, the TFTP server can be on the same or a different subnet, because the DS port is routable.

Note: The TFTP server cannot run on the same computer as the Cisco Wireless Control System, because the Cisco WCS and the TFTP server use the same commu- nication port.

CAUTION: Each certificate has a variable-length embedded RSA Key. The RSA key can be from 512 bits, which is relatively insecure, through thousands of bits, which is very secure. When you are obtaining a new certificate from a Certificate Authority (such as the Microsoft CA), MAKE SURE the RSA key embedded in the certificate is AT LEAST 768 Bits.

•Buy or create your own WebAuth SSL key and certificate. If not already done, encode the key and certificate, virtual gateway IP Address, and a password, <private_key_password>, in

a .PEM formatted file. The PEM-encoded file is called a WebAuth Site Certificate file (<webauthcert_name>.pem).

•Move the <webadmincert_name>.pem file to the default directory on your TFTP server.

•Refer to the Using the Cisco WLAN Solution CLI section to connect and use the CLI.