Cisco Systems OL-7426-03 guide

Adding ID Certificates to a Cisco Wireless LAN Controller

ID Certificates and Private Keys are used by Web server operators to ensure secure server operation. The ID certificate and key are used to authenticate the server and encrypt data transmissions between server and browser.

Note: You can obtain an ID Certificate and Private Key from three sources: Factory-supplied, Operator-generated, and Purchased from a trusted CA. This procedure only applies to adding an Operator-generated or Purchased ID Certificate and Key, as the factory-supplied Certificate and Key are already stored in the Cisco Wireless LAN Controller NVRAM. You do not need to complete this procedure if you choose to use the factory-supplied ID Certificate and Key.

CAUTION: Each certificate has a variable-length embedded RSA Key. The RSA key can be from 512 bits, which is relatively insecure, through thousands of bits, which is very secure. When you are obtaining a new certificate from a Certificate Authority (such as the Microsoft CA), MAKE SURE the RSA key embedded in the certificate is AT LEAST 768 Bits.

When you obtain ID certificates (usually in an email from the CA or from your key-generation program), it is a simple matter to add the ID certificate and key to your Cisco Wireless LAN Controller:

•Launch a Web User Interface session as described in Using the Web User Interface.

•Navigate to the ID Certificate > New page in the Web User Interface.

•Type or paste the ID Certificate Name into the Certificate Name box.

•Type a Private Key (Password) into the Certificate Password box.

•Copy the Certificate (a large block of ASCII characters) from your email or text viewer program, and paste it into the ID Certification box.

•Click Apply.

The ID Certificate and Key are now in the Cisco Wireless LAN Controller Volatile RAM. Use ‘System Reboot with Save’ to save the ID Certificate and Key to NVRAM, so the Certificate and Key are preserved across restarts.

5/26/05	Adding ID Certificates to a Cisco Wireless LAN Controller
OL-7426-03

Image 224

Cisco Systems OL-7426-03 quick start Adding ID Certificates to a Cisco Wireless LAN Controller

Contents

Welcome to the Product Guide 26/05 All Rights Reserved OL-7426-03 Legal Information ProductsEnd User License Agreement 26/05 Legal Information OL-7426-03 26/05 Legal Information OL-7426-03 26/05 Legal Information OL-7426-03 Limited Warranty Disclaimer of Warranty Trademarks and Service Marks Additional Open Source Terms Obtaining Documentation Cisco.comDocumentation DVD Ordering Documentation Reporting Security Problems in Cisco Products Documentation FeedbackCisco Product Security Overview 26/05 Documentation Feedback OL-7426-03 Submitting a Service Request Obtaining Technical AssistanceCisco Technical Support Website 26/05 Obtaining Technical Assistance OL-7426-03 Definitions of Service Request Severity Obtaining Additional Publications and Information Deployment Statement Class a Statement RF Radiation Hazard WarningNon-Modification Statement Page Page Page Klasse 1 laserprodukt Safety Considerations26/05 Safety Considerations OL-7426-03 26/05 Safety Considerations OL-7426-03 Waarschuwing Varoitus 26/05 Safety Considerations OL-7426-03 26/05 Safety Considerations OL-7426-03 26/05 Safety Considerations OL-7426-03 26/05 Safety Considerations OL-7426-03 26/05 Safety Considerations OL-7426-03 Manufacturer’s instructions. Statement Les piles usagées conformément aux instructions du fabricant Varoitus Warnung Avvertenza Aviso ¡Advertencia Varning Aviso ¡Advertencia 26/05 Safety Considerations OL-7426-03 26/05 Safety Considerations OL-7426-03 26/05 OL-7426-03 Table of Contents About Cisco Wireless LAN Controllers Solutions Tasks Starting and Stopping Linux Cisco WCS Troubleshooting with Cisco WCS References 26/05 OL-7426-03 Overviews 26/05 References About the Cisco Wireless LAN Solution 26/05 About the Cisco Wireless LAN Solution OL-7426-03 Refer to the following for more information Single-Cisco Wireless LAN Controller Deployments Full control of Cisco 1000 Series Lightweight Access Points Multiple-Cisco Wireless LAN Controller Deployments 26/05 Operating System Software OL-7426-03 About the Operating System SoftwareAbout Operating System Security About Cisco Wlan Solution Wired Security Configuration Requirements26/05 Cisco Wlan Solution Wired Security OL-7426-03 Layer 2 and Layer 3 Lwapp Operation About Radio Resource Management RRM 26/05 Radio Resource Management RRM OL-7426-03 About the Master Cisco Wireless LAN Controller 26/05 Master Cisco Wireless LAN Controller OL-7426-03 Same-Cisco Wireless LAN Controller Layer 2 Roaming Inter-Cisco Wireless LAN Controller Layer 2 RoamingAbout Client Roaming Inter-Subnet Layer 3 Roaming About Client Location 26/05 Client Location OL-7426-03 About External Dhcp Servers Per-WLAN AssignmentPer-Interface Assignment Security Considerations About Cisco Wlan Solution Mobility Groups 26/05 Cisco Wlan Solution Mobility Group OL-7426-03 About Cisco Wlan Solution Wired Connections 26/05 Cisco Wlan Solution Wired Connections OL-7426-03 About Cisco Wlan Solution WLANs About Access Control Lists26/05 Cisco Wlan Solution WLANs OL-7426-03 About Identity Networking 26/05 Transferring Files OL-7426-03 About Power Over EthernetAbout File Transfers Pico Cell Functionality 26/05 Pico Cell Functionality OL-7426-03 Intrusion Detection Service IDS 26/05 Intrusion Detection Service IDS OL-7426-03 26/05 Cisco Wireless LAN Controllers OL-7426-03 About Cisco Wireless LAN ControllersCisco 2000 Series Wireless LAN Controllers 26/05 Cisco 4100 Series Wireless LAN Controllers OL-7426-03 Cisco 4100 Series Wireless LAN ControllersCisco 4400 Series Wireless LAN Controllers Cisco 4400 Series Wireless LAN Controller Model Numbers Cisco 2000 Series Wireless LAN Controller Model NumbersCisco 4100 Series Wireless LAN Controller Model Numbers About Distribution System Ports 26/05 Distribution System Ports OL-7426-03 About the Management Interface 26/05 Management Interface OL-7426-03 26/05 AP-Manager Interface OL-7426-03 About the AP-Manager InterfaceAbout Operator-Defined Interfaces 26/05 Virtual Interface OL-7426-03 About the Service PortAbout the Virtual Interface About the Startup Wizard About the Service-Port Interface26/05 Service-Port Interface OL-7426-03 26/05 Cisco Wireless LAN Controller Memory OL-7426-03 About Cisco Wireless LAN Controller MemoryCisco Wireless LAN Controller Failover Protection Network Connections to Cisco Wireless LAN Controllers Cisco Wireless LAN Controller Automatic Time SettingCisco Wireless LAN Controller Time Zones Cisco 2000 Series Wireless LAN Controllers Cisco 4100 Series Wireless LAN Controllers Cisco 4400 Series Wireless LAN Controllers Page 26/05 Cisco 1000 Series Lightweight Access Points OL-7426-03 About Cisco 1030 Remote Edge Lightweight Access Points Page Page 802.11a Internal Antenna Patterns External Antenna ConnectorsAntenna Sectorization Page Page 802.11b/g Internal Antenna Patterns About Cisco 1000 Series Lightweight Access Point LEDs About Cisco 1000 Series Lightweight Access Point Connectors Page Page Page 26/05 Rogue Access Points OL-7426-03 About Rogue Access PointsRogue Access Point Location, Tagging and Containment Page About the Web User Interface 26/05 Web User Interface OL-7426-03 About the Command Line Interface 26/05 Command Line Interface OL-7426-03 About the Cisco Wireless Control System Features Cisco26/05 Cisco Wireless Control System OL-7426-03 Base Cisco Cisco Features About Cisco WCS BaseRed Hat Enterprise Linux ES Server 26/05 Cisco WCS Base OL-7426-03 26/05 Cisco WCS Location OL-7426-03 About Cisco WCS LocationAbout the Cisco WCS User Interface 26/05 Floor Plan Editor OL-7426-03 About Cisco WCS Cisco Wireless LAN Controller AutodiscoveryAbout the Floor Plan Editor About Cisco WCS Location Calibration About Cisco WCS Alarm Email Notification26/05 Cisco WCS Alarm Email Notification OL-7426-03 About Cisco 2700 Series Location Appliances 26/05 Cisco 2700 Series Location Appliances OL-7426-03 Solutions Cisco Wlan Solution Security Layer 1 SolutionsLayer 2 Solutions 26/05 Cisco Wlan Solution Security OL-7426-03 Layer 3 Solutions Single Point of Configuration Policy Manager SolutionsRogue Access Point Solutions Rogue Access Point Challenges Integrated Security Solutions Simple, Cost-Effective Solutions Using the Web User Interface Add a Gateway IP address Enter a Primary Dhcp Server IP address Using the Cisco WCS User Interface 26/05 Using the Cisco WCS User Interface OL-7426-03 Create a new AP Manager Interface 26/05 Using the Cisco WCS User Interface OL-7426-03 Using the Web User Interface Using the Cisco WCS User Interface Configuring a Firewall for Cisco WCS 26/05 Configuring a Firewall for Cisco WCS OL-7426-03 Configuring the System for SpectraLink NetLink Telephones Using the Command Line Interface Using the Cisco Wireless Control System Page 26/05 Management over Wireless OL-7426-03 Using Management over WirelessConfig network mgmt-via-wireless enable 26/05 Configuring a Wlan for a Dhcp Server OL-7426-03 Configuring a Wlan for a Dhcp ServerUnder General Policies, select the Admin Status Enabled box 26/05 Customizing the Web Auth Login Screen OL-7426-03 Customizing the Web Auth Login ScreenDefault Web Auth Operation Figure Default Login Successful Screen Customizing Web Auth Operation Clearing and Restoring the Cisco Wlan Solution Logo Changing the Web TitleChanging the Web Message Changing the Logo Copying the Logo or Graphic to the Tftp Server Downloading the Logo or GraphicTransfer download start Clear webimage Verifying your Web Auth Changes Sample Customized Web Auth LoginCreating a Custom URL Redirect Figure Sample Customized Login Screen QoS-Level Configuring Identity Networking for Operating SystemRadius Attributes ACL-Name Interface-Name VLAN-Tag Tunnel AttributesPage 26/05 OL-7426-03 OS Command Line Interface CLI Cisco Wlan Solution Switch Web InterfaceCisco Wireless Control System Cisco WCS Deployment and Quick Start Guides Troubleshooting Cisco 2700 Series Location Appliances Using the Cisco Wlan Solution CLI Using a Local Serial Connection26/05 Using the Cisco Wlan Solution CLI OL-7426-03 Logging Into the CLI 26/05 Logging Into the CLI OL-7426-03 Using a Remote Ethernet Connection Logging Out of the CLI CLI Tree StructureRoot Level 26/05 Logging Out of the CLI OL-7426-03 Config prompt Ent1 Navigating the CLIViewing Network Status 26/05 Navigating the CLI OL-7426-03 Configuring the Cisco Wireless LAN Controller Collecting Cisco Wireless LAN Controller ParametersSystem Parameters Network Distribution System Parameters Configuring System Parameters Config time MM/DD/YY Hhmmss26/05 Configuring System Parameters OL-7426-03 Time and Date Config country code Where code = Country Supported 802.11a and 802.11b/g Protocols Configuring Cisco Wireless LAN Controller InterfacesUsers and Passwords Verifying and Changing the Management Interface Show wlan summary Creating and Assigning the AP-Manager Interface Creating, Assigning and Deleting Operator-Defined Interfaces Config interface delete operator-defined interface name Verifying and Changing the Virtual Interface Configuring Spanning Tree Protocol Config interface hostname virtual DNS Host NameConfig spanningtree switch mode disable Enabling Web and Secure Web Modes Creating Access Control Lists 26/05 Creating Access Control Lists OL-7426-03 WLANs Configuring WLANs26/05 Configuring WLANs OL-7426-03 Config wlan mac-filtering enable Wlan id Config wlan blacklist Wlan id timeoutVLANs 26/05 Local MAC Filter OL-7426-03 Config wlan vlan Wlan id untagged Config wlan security 802.1X enable/disable wlan idConfig wlan security 802.1X encryption wlan id 40/104/128 Config wlan security 802.1X disable wlan id Config wlan security ipsec enable/disable Wlan id Layer 3 SecurityDynamic WPA Keys and Encryption IPSec IPSec Authentication IKE AuthenticationConfig wlan security ipsec ike DH-Group Wlan id group-id IPSec EncryptionI Config wlan security ipsec ike lifetime Wlan id seconds Config wlan security web enable/disable Wlan id Quality of Service Config wlan qos Wlan id bronze/silver/gold/platinumLocal Netuser Activating WLANs Configuring Mobility Groups Configuring RadiusConfig mobility group name groupname 26/05 Configuring Mobility Groups OL-7426-03 Configuring Snmp Configuring Other Ports and ParametersService Port 26/05 Configuring Snmp OL-7426-03 26/05 Configuring Other Ports and Parameters OL-7426-03 Radio Resource Management RRMSerial CLI Console Port 802.3x Flow Control 26/05 Adding SSL to the Web User Interface OL-7426-03 Adding SSL to the Web User InterfaceLocally-Generated Certificate Externally-Generated Certificate Site Cert Updating the Operating System Software 26/05 Updating the Operating System Software OL-7426-03 Using the Startup Wizard 26/05 Using the Startup Wizard OL-7426-03 Enter the Cisco Wlan Solution Mobility Group RF Group Name Locally-Generated Certificate Transfer download start 26/05 Adding SSL to the 802.11 Interface OL-7426-03 Config certificate generate webauthAdding SSL to the 802.11 Interface Externally-Generated Certificate You Want to start? y/n y Saving Configurations 26/05 Saving Configurations OL-7426-03 Clearing Configurations Erasing the Cisco Wireless LAN Controller ConfigurationClear config 26/05 Clearing Configurations OL-7426-03 Resetting the Cisco Wireless LAN Controller 26/05 Resetting the Cisco Wireless LAN Controller OL-7426-03 Using the Cisco Wireless Control System 26/05 Using the Cisco Wireless Control System OL-7426-03 26/05 Using the Cisco Wireless Control System OL-7426-03 26/05 Starting and Stopping Windows Cisco WCS OL-7426-03 Starting and Stopping Windows Cisco WCSStarting Cisco WCS as a Windows Application Starting Cisco WCS as a Windows Service Stopping the Cisco WCS Windows Service Stopping the Cisco WCS Windows Application Checking the Cisco WCS Windows Service Status Starting and Stopping Linux Cisco WCS Starting the Linux Cisco WCS ApplicationStopping the Linux Cisco WCS Application 26/05 Starting and Stopping Linux Cisco WCS OL-7426-03 Checking the Linux Cisco WCS Status Starting and Stopping the Cisco WCS Web Interface Starting a Cisco WCS User Interface Cisco WCS Shutdown Stopping the Cisco WCS User Interface Stopping a Cisco WCS User InterfaceManually Stopping the Cisco WCS User Interface Using Cisco WCS 26/05 Using Cisco WCS OL-7426-03 Checking the Cisco Wlan Solution Network Summary Figure Network Summary for Unconfigured Cisco WCS Database Figure Network Summary for Configured Cisco WCS Database Adding a Cisco Wireless LAN Controller to Cisco WCS Creating an RF Calibration Model 26/05 Creating an RF Calibration Model OL-7426-03 Adding a Campus Map to the Cisco WCS Database Adding a Building to a Campus 26/05 Adding a Building to a Campus OL-7426-03 26/05 Adding a Building to a Campus OL-7426-03 26/05 Adding a Building to a Campus OL-7426-03 Adding a Standalone Building to the Cisco WCS Database Adding an Outdoor Area to a Campus 26/05 Adding an Outdoor Area to a Campus OL-7426-03 26/05 Adding an Outdoor Area to a Campus OL-7426-03 26/05 Adding an Outdoor Area to a Campus OL-7426-03 Adding Floor Plans to a Campus Building 26/05 Adding Floor Plans to a Campus Building OL-7426-03 26/05 Adding Floor Plans to a Campus Building OL-7426-03 Repeat this section for any remaining Floors or Basements Using Map Editor 26/05 Using Map Editor OL-7426-03 Adding Floor Plans to a Standalone Building 26/05 Adding Floor Plans to a Standalone Building OL-7426-03 26/05 Adding Floor Plans to a Standalone Building OL-7426-03 26/05 Adding Floor Plans to a Standalone Building OL-7426-03 Repeat this section for any remaining Floors or Basements Page Page Page Page Page Page Monitoring Predicted Coverage Rssi 26/05 Monitoring Predicted Coverage Rssi OL-7426-03 Monitoring Transmit Power Levels on a Floor Map Monitoring Channels on a Floor MapMonitoring Coverage Holes on a Floor Map 26/05 Monitoring Channels on a Floor Map OL-7426-03 Monitoring Users on a Floor Map Monitoring Clients on a Floor MapTable Clients Parameter Description 26/05 Troubleshooting with Cisco WCS OL-7426-03 Troubleshooting with Cisco WCSDetecting and Locating Rogue Access Points 26/05 Detecting and Locating Rogue Access Points OL-7426-03 26/05 Detecting and Locating Rogue Access Points OL-7426-03 Assign to me Unassign Delete Show the Event History Acknowledging Rogue Access Points 26/05 Acknowledging Rogue Access Points OL-7426-03Locating Clients Use Monitor/Clients to navigate to the Clients Summary 26/05 Locating Clients OL-7426-03 Finding Coverage Holes 26/05 Finding Coverage Holes OL-7426-03 Viewing Cisco WCS Statistics Reports Figure Typical Network Summary Updating OS Software from Cisco WCS 26/05 Updating OS Software from Cisco WCS OL-7426-03 26/05 Updating OS Software from Cisco WCS OL-7426-03 26/05 Managing Cisco WCS and Database OL-7426-03 Installing Cisco WCSManaging Cisco WCS and Database Updating the Windows Cisco WCS 26/05 Updating the Windows Cisco WCS OL-7426-03 Create a Backup Directory Updating the Linux Cisco WCSStop the Cisco WCS Server Application Back Up the Cisco WCS Server Database Start the Cisco WCS Server Application Uninstall the Old Cisco WCS Server ApplicationRestore the Cisco WCS Server Database Reinitializing the Windows Cisco WCS Database Reinitializing the Linux Cisco WCS Database Administering Cisco WCS Users and Passwords Adding User Accounts Changing Passwords Deleting User Accounts Using the Web User Interface 26/05 Using the Web User Interface OL-7426-03 26/05 Using the Web User Interface OL-7426-03 Adding CA Certificates to a Cisco Wireless LAN Controller Adding ID Certificates to a Cisco Wireless LAN Controller Page Configuring Location Appliances 26/05 Configuring Location Appliances OL-7426-03Adding a Location Appliance to the Cisco WCS Database Select Locate to display the All Location Appliances Select Synchronize Network Designs Select Synchronize Switches Assigning Controllers to Cisco Wireless LAN ControllersUnassigning Controllers to Cisco Wireless LAN Controllers Editing Location Appliance Polling Parameters Editing Location Appliance History Parameters Editing Location Appliance Location Parameters Deleting Location Appliance User Groups Adding Location Appliance User GroupsChanging Location Appliance User Group Permissions Adding Location Appliance Users Adding Location Appliance Host Access Deleting Location Appliance Users Deleting Location Appliance Host Access Editing Location Appliance Advanced Parameters Deleting a Location Appliance from the Cisco WCS Database Clearing Location Appliance ConfigurationsSelect Clear Configuration 26/05 Operating the Location Appliances OL-7426-03 Viewing Location Appliance AlarmsOperating Location Appliances Viewing Location Appliance Alarm Events Assigning and Unassigning Location Appliance AlarmsDeleting and Clearing Location Appliance Alarms Restoring Location Appliance Historical Data Viewing Location Appliance EventsBacking Up Location Appliance Historical Data Select Synchronize Switches Viewing Location Appliance Current Status 26/05 Operating the Location Appliances OL-7426-03 Defragmenting the Location Appliance Database Running Java GC on the Location Appliance MemoryRestarting the Location Appliance Application Software Select Defragment Database Rebooting the Location Appliance Troubleshooting Tips Using Error MessagesError Message Description 26/05 Troubleshooting Tips OL-7426-03 Lradifloadprofilepassed Ipsecesppolicyfailure Client Reason Description Meaning Code Using Client Reason and Status Codes in the Trap LogClient Reason Codes Using Cisco 1000 Series Lightweight Access Point LEDs Client Status Codes Flashing References Glossary 10BASE-T100BASE-T 1000BASE-SX API ACLAES Bios CPU CSMA/CA CSMA/CDDES Dhcp DMZ DNSDscp DSL Essid FCSFips FPE Garp GUIGvrp Ieee IKE IPX-SPX ISA IsdnISS L2TP Leap LwappMAC MIC Nvram OfdmPCI Pcmcia RSN PPPRadius Rssi RtosSNR Soho SSL TCPTCP/IP Tftp TIM TkipUSB Vlan Weca WEPWisp Wlan Cisco Wlan Solution Supported Country Codes 26/05 Cisco Wlan Solution Supported Country Codes OL-7426-03 CTO Ficora TBD STD-T66 NPT Channels Transmit Power RadioTx + Allowed Antenna Gain = Indoor/ Outdoor Use Frequency Range GHz Regulatory Authority USX