Cisco Systems OL-7426-03 - page 224

5/26/05 Adding ID Certificates to a Cisco Wireless LAN Controller

OL-7426-03

Adding ID Certificates to a Cisco Wireless LAN ControllerAdding ID Certificates to a Cisco Wireless LAN Controller

ID Certificates and Private Keys are used by Web server operators to ensure secure server operation.

The ID certificate and key are used to authenticate the server and encrypt data transmissions between

server and browser.

When you obtain ID certificates (usually in an email from the CA or from your key-generation

program), it is a simple matter to add the ID certificate and key to your Cisco Wireless LAN Controller:

•Launch a Web User Interface session as described in Using the Web User Interface.

•Navigate to the ID Certificate > New page in the Web User Interface.

•Type or paste the ID Certificate Name into the Certificate Name box.

•Type a Private Key (Password) into the Certificate Password box.

•Copy the Certificate (a large block of ASCII characters) from your email or text viewer

program, and paste it into the ID Certification box.

•Click Apply.

The ID Certificate and Key are now in the Cisco Wireless LAN Controller Volatile RAM. Use ‘System

Reboot with Save’ to save the ID Certificate and Key to NVRAM, so the Certificate and Key are

preserved across restarts.

Note: You can obtain an ID Certificate and Private Key from three sources:

Factory-supplied, Operator-generated, and Purchased from a trusted CA. This

procedure only applies to adding an Operator-generated or Purchased ID Certificate

and Key, as the factory-supplied Certificate and Key are already stored in the Cisco

Wireless LAN Controller NVRAM. You do not need to complete this procedure if you

choose to use the factory-supplied ID Certificate and Key.

CAUTION: Each certificate has a variable-length embedded RSA Key. The RSA key

can be from 512 bits, which is relatively insecure, through thousands of bits, which is

very secure. When you are obtaining a new certificate from a Certificate Authority

(such as the Microsoft CA), MAKE SURE the RSA key embedded in the certificate is

AT LEAST 768 Bits.

Contents

Main Welcome to the Product Guide! Cisco WLAN Solution 3.0: Last Updated May 26, 2005 Legal Information Products End User License Agreement Page Page Limited Warranty Disclaimer of Warranty General Terms Applicable to the Limited Warranty Statement and End User License Agreement Additional Open Source Terms Trademarks and Service Marks Obtaining Documentation Cisco.com Documentation DVD Ordering Documentation Documentation Feedback Cisco Product Security Overview Reporting Security Problems in Cisco ProductsReporting Security Problems in Cisco Products Obtaining Technical Assistance Cisco Technical Support Website Submitting a Service Request Note: Definitions of Service Request Severity Obtaining Additional Publications and Information FCC Statements for Cisco 1000 Series Lightweight Access PointsFCC Statements for Cisco 1000 Class A Statement RF Radiation Hazard Warning Non-Modification Statement Page FCC Statements for Cisco 2000 Series Wireless LAN ControllersFCC Statements for Cisco 2000 Series Page Safety Considerations Page Page Page Page Page Page Page Page Page Page Page Page Page Page Table of Contents Welcome to the Product Guide! OVERVIEWS About Cisco Wireless LAN Controllers About Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access Points SOLUTIONS Configuring a WLAN for a DHCP Server Customizing the Web Auth Login Screen Configuring Identity Networking for Operating System TASK S Using the Cisco WLAN Solution CLI Configuring the Cisco Wireless LAN Controller Using the Cisco Wireless Control System Starting and Stopping Windows Cisco WCS Starting and Stopping Linux Cisco WCS Starting and Stopping the Cisco WCS Web Interface Using Cisco WCS Troubleshooting with Cisco WCS Using the Web User Interface Configuring and Operating Cisco 2700 Series Location Appliances Configuring Location Appliances Operating Location Appliances Troubleshooting Tips REFERENCES Glossary Cisco WLAN Solution Supported Country Codes Page OVERVIEWS Page About the Cisco Wireless LAN Solution Note: Page Single-Cisco Wireless LAN Controller DeploymentsSingle-Cisco Wireless LAN Controller Deployments Multiple-Cisco Wireless LAN Controller Deployments Figure - Note: About the Operating System Software About Operating System Security About Cisco WLAN Solution Wired Security Layer 2 and Layer 3 LWAPP Operation Operational Requirements Configuration Requirements About Radio Resource Management (RRM)Radio Resource Management (RRM) About the Master Cisco Wireless LAN ControllerMaster Cisco Wireless LAN Controller Note: About Client Roaming Same-Cisco Wireless LAN Controller (Layer2) Roaming Inter-Subnet (Layer3 ) Roaming Special Case: Voice Over IP Telephone Roaming About Client Location About External DHCP Servers Per-WLAN Assignment Per-Interface Assignment Security Considerations About Cisco WLAN Solution Mobility Groups Figure - About Cisco WLAN Solution Wired Connections CAUTION: Note: About Cisco WLAN Solution WLANs About Access Control Lists About Identity Networking CAUTION: About File Transfers About Power Over Ethernet Note: Pico Cell Functionality Intrusion Detection Service (IDS) About Cisco Wireless LAN Controllers Cisco 2000 Series Wireless LAN ControllersCisco 2000 Series Wireless LAN Controllers Cisco 4100 Series Wireless LAN ControllersCisco 4100 Series Wireless LAN Controllers Figure - Cisco 4400 Series Wireless LAN ControllersCisco 4400 Series Wireless LAN Controllers Page About Distribution System Ports Note: About the Management Interface About the AP-Manager Interface About Operator-Defined Interfaces About the Virtual Interface About the Service Port About the Service-Port Interface About the Startup Wizard About Cisco Wireless LAN Controller Memory Cisco Wireless LAN Controller Failover Protection Note: Cisco Wireless LAN Controller Time Zones Page Page Page Page About Cisco 1000 Series IEEE 802.11a/b/g Lightweight Access PointsCisco Figure - Page About Cisco 1000 Series Lightweight Access Point External and Internal Antennas Note: External Antenna Connectors Antenna Sectorization 802.11a Internal Antenna Patterns Note: Page Page Page Figure - About Cisco 1000 Series Lightweight Access Point LEDsCisco 1000 Series Lightweight Access Point LEDs Page Note: Figure - Page About Rogue Access Points - - - - Page About the Web User Interface Note: About the Command Line Interface About the Cisco Wireless Control System About Cisco WCS Base - - About Cisco WCS Location About the Cisco WCS User Interface About the Floor Plan Editor Note: About Cisco WCS Alarm Email Notification About Cisco WCS Location CalibrationCisco WCS Location Calibration About Cisco 2700 Series Location AppliancesCisco 2700 Series Location Appliances SOLUTIONS Cisco WLAN Solution Security Overview Layer 1 Solutions Layer 2 Solutions Layer 3 Solutions Rogue Access Point Solutions Rogue Access Point Challenges Tagging and Containing Rogue Access Points Integrated Security Solutions Simple, Cost-Effective Solutions Converting a Cisco WLAN Solution from Layer 2 to Layer 3 ModeConverting a Cisco WLAN Solution 1. 2. 3. Page 14. Using the Cisco WCS User Interface 1. 2. 3. 4. Page Page Converting a Cisco WLAN Solution from Layer 3 to Layer 2 ModeConverting a Cisco WLAN Solution Using the Cisco WCS User Interface Configuring a Firewall for Cisco WCS Page Using the Cisco Wireless Control System Page Using Management over Wireless Configuring a WLAN for a DHCP Server Customizing the Web Auth Login Screen Default Web Auth Operation Figure - Customizing Web Auth Operation Page Note: Creating a Custom URL Redirect Verifying your Web Auth Changes Sample Customized Web Auth Login Page Figure - RADIUS Attributes Note: Page Page Page TASK S Page Using the Cisco WLAN Solution CLI Logging Into the CLI Page Page Logging Out of the CLI CLI Tree Structure Note: Navigating the CLI Viewing Network Status Configuring the Cisco Wireless LAN ControllerConfiguring the Cisco Wireless LAN Controller Collecting Cisco Wireless LAN Controller Parameters Configuring System Parameters Page Supported 802.11a and 802.11b/g Protocols Use the Use the show sysinfo command to verify that the Cisco Wireless LAN Controller has stored Users and Passwords Page Creating and Assigning the AP-Manager Interface Creating, Assigning and Deleting Operator-Defined Interfaces Note: CAUTION: Verifying and Changing the Virtual Interface Page Creating Access Control Lists Configuring WLANs Page Page Page Page Page Page Configuring Mobility Groups Configuring RADIUS Configuring SNMP Configuring Other Ports and Parameters Service Port Page Adding SSL to the Web User InterfaceAdding SSL to the Web User Interface Locally-Generated Certificate Page Page Updating the Operating System Software - - CAUTION: Note: Using the Startup Wizard Note: Adding SSL to the Web User InterfaceAdding SSL to the Web User Interface Page CAUTION: Note: Adding SSL to the 802.11 Interface Locally-Generated Certificate Page Note: Saving Configurations Clearing Configurations Resetting the Cisco Wireless LAN ControllerResetting the Cisco Wireless LAN Controller Using the Cisco Wireless Control System Page Starting and Stopping Windows Cisco WCS Starting Cisco WCS as a Windows ApplicationStarting Cisco WCS as a Windows Application CAUTION: Starting Cisco WCS as a Windows Service Note: Stopping the Cisco WCS Windows ApplicationStopping the Cisco WCS Windows Application Stopping the Cisco WCS Windows ServiceStopping the Cisco WCS Windows Service Checking the Cisco WCS Windows Service StatusChecking the Cisco WCS Windows Service Status Starting and Stopping Linux Cisco WCS Starting the Linux Cisco WCS Application Stopping the Linux Cisco WCS ApplicationStopping the Linux Cisco WCS Application Checking the Linux Cisco WCS Status Starting and Stopping the Cisco WCS Web Interface Starting a Cisco WCS User Interface Stopping a Cisco WCS User Interface Using Cisco WCS Checking the Cisco WLAN Solution Network SummaryChecking the Cisco WLAN Solution Network Summary Figure - Page Page Creating an RF Calibration ModelCreating an RF Calibration Model Note: Adding a Campus Map to the Cisco WCS Database Adding a Building to a Campus Page Page Page Adding an Outdoor Area to a Campus Page Page Adding Floor Plans to a Campus BuildingAdding Floor Plans to a Campus Building Page Page Using Map Editor Adding Floor Plans to a Standalone BuildingAdding Floor Plans to a Standalone Building Page Page Page Adding Cisco 1000 Series Lightweight Access Points to Floor Plan and Outdoor Area Maps Page Page Page Page Page Monitoring Predicted Coverage (RSSI) Monitoring Channels on a Floor Map Monitoring Transmit Power Levels on a Floor MapMonitoring Transmit Power Levels on a Floor Map Monitoring Coverage Holes on a Floor Map Monitoring Users on a Floor Map Monitoring Clients on a Floor Map Table - Troubleshooting with Cisco WCS Detecting and Locating Rogue Access PointsDetecting and Locating Rogue Access Points Page Page Page Acknowledging Rogue Access Points Locating Clients Note: Page Finding Coverage Holes Figure - Viewing Cisco WCS Statistics Reports Updating OS Software from Cisco WCS CAUTION: Managing Cisco WCS and Database Installing Cisco WCS Updating the Windows Cisco WCS Updating the Linux Cisco WCS Page Reinitializing the Windows Cisco WCS Database Reinitializing the Linux Cisco WCS DatabaseReinitializing the Linux Cisco WCS Database Administering Cisco WCS Users and Passwords Page Using the Web User Interface Note: Note: Adding Cisco 1000 Series Lightweight Access Points to a Cisco Wireless LAN Controller Note: CAUTION: Page Configuring and Operating Cisco 2700 Series Location AppliancesConfiguring and Configuring Location Appliances Editing a Location Appliance Contact, User Name, Password, and HTTP/HTTPS Selection Page Editing Location Appliance Polling ParametersEditing Location Appliance Polling Parameters 1. 2. 3. 4. - - Editing Location Appliance History ParametersEditing Location Appliance History Parameters 1. 2. 3. 4. - - Editing Location Appliance Location ParametersEditing Location Appliance Location Parameters Adding Location Appliance User GroupsAdding Location Appliance User Groups Changing Location Appliance User Group PermissionsChanging Location Appliance User Group Permissions Deleting Location Appliance User GroupsDeleting Location Appliance User Groups Adding Location Appliance UsersAdding Location Appliance Users Changing Location Appliance User Passwords, Group Names, and PermissionsChanging Deleting Location Appliance Users Adding Location Appliance Host AccessAdding Location Appliance Host Access Deleting Location Appliance Host Access Editing Location Appliance Advanced ParametersEditing Location Appliance Advanced Parameters Clearing Location Appliance ConfigurationsClearing the Location Appliance Configurations Operating Location Appliances Viewing Location Appliance AlarmsViewing Location Appliance Alarms Deleting and Clearing Location Appliance AlarmsDeleting and Clearing Location Appliance Alarms Viewing Location Appliance Alarm EventsViewing Location Appliance Alarm Events Viewing Location Appliance Events Backing Up Location Appliance Historical DataBacking Up Location Appliance Historical Data Restoring Location Appliance Historical DataRestoring Location Appliance Historical Data Viewing Cisco Wireless LAN Controller and Location Appliance Synchronization Status Re-Synchronizing Cisco Wireless LAN Controller and Location Appliance Databases Viewing Location Appliance Current StatusViewing Location Appliance Current Status Page Defragmenting the Location Appliance DatabaseDefragmenting the Location Appliance Database Running Java GC on the Location Appliance MemoryRunning Java GC on the Location Appliance Memory Rebooting the Location ApplianceRebooting the Location Appliance Troubleshooting Tips Using Error Messages Table - Page Page Using Client Reason and Status Codes in the Trap LogUsing Reason and Status Codes in the Trap Log Client Reason Codes Table - Client Status Codes Table - Page REFERENCES Glossary Page Page Page Page Page Page Page Page Page Page Page Page Page Page Cisco WLAN Solution Supported Country CodesCisco WLAN Solution Supported Country Codes