User guide
Cisco WLAN Controller Web Interface User Guide
OL-7416-04
Chapter 6 Security Menu Bar Selection
Web Authentication Certificate
Use SECURITY > Web Auth Certificate to navigate to this page.
Use this page to view the current web authentication certificate type, download an SSL certificate, or
regenerate a new locally generated web auth certificate.
Note The Operating System automatically generates a fully-functional web authentication certificate as it is
loaded onto your controller. This means that you do not have to do anything to use certificates with
Layer 3 web authentication.
However, if you would like to use a new Operating System-generated web authentication certificate,
click the Regenerate Certificate button. The Operating System generates a new web auth certificate,
and displays a Successfully generated Web Authentication Certificate message. Reboot the
controller to register the new certificate.
If you would prefer to use an externally-generated web authentication certificate, verify that the
controller can ping the TFTP server, and then click the Download SSL Certificate box, and fill in the
following parameters:
• Server IP Address.
• Maximum Retries: Maximum number of times each download can be attempted.
• Timeout: The amount of time allowed for each download.
• Certificate File Path: usually “/” so the TFTP software can use its default directory.
• Certificate File Name: The web authentication certificate filename in encrypted .PEM (Privacy
Enhanced Mail) format.
• Certificate Password.
Note The TFTP server cannot run on the same computer as the Cisco WCS, because the Cisco WCS and the
TFTP server use the same communication port.
Caution Each certificate has a variable-length embedded RSA key. The RSA key length can vary from 512 bits,
which is relatively insecure, to thousands of bits, which is very secure. When you are obtaining a new
certificate from a Certificate Authority (such as the Microsoft CA), MAKE SURE the RSA key
embedded in the certificate is AT LEAST 768 Bits.
When you have filled in the required information, click Apply and the Operating System collects the
new certificate from the TFTP server. Reboot the controller to register the new certificate.
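One way to confirm the key length named in the Caution before placing the file on the TFTP server, as an added example that is not part of the original guide or Cisco code: it reads the RSA modulus size from the CERTIFICATE block of a PEM file using only the Python standard library. The function names are hypothetical, the sample certificate is a constructed unsigned skeleton, and the code assumes the certificate block itself is stored unencrypted in the PEM file.

```python
import base64, re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split the contents of a constructed element into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def rsa_bits_from_pem(pem_text):
    """Bit length of the RSA modulus in the first CERTIFICATE block of a PEM file."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tbs = children(children(read_tlv(der)[1])[0][1])   # Certificate -> TBSCertificate fields
    if tbs[0][0] == 0xA0:                              # drop the optional [0] version field
        tbs = tbs[1:]
    alg, key = children(tbs[5][1])                     # SubjectPublicKeyInfo
    if children(alg[1])[0][1] != RSA_OID:
        raise ValueError("public key is not RSA")
    modulus = children(read_tlv(key[1], 1)[1])[0][1]   # skip BIT STRING unused-bits byte
    return int.from_bytes(modulus, "big").bit_length()

def key_long_enough(pem_text, min_bits=768):  # 768 is the minimum stated in the Caution
    return rsa_bits_from_pem(pem_text) >= min_bits

def tlv(tag, value):
    """DER-encode one element; used only to build the constructed sample below."""
    n = len(value)
    k = (n.bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + value

def sample_pem(bits):
    """Constructed, unsigned certificate skeleton with a dummy modulus (not a real key)."""
    rsa = tlv(0x30, tlv(0x02, ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")) + tlv(0x02, b"\x01\x00\x01"))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b"")) + tlv(0x03, b"\x00" + rsa))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 4 + spki)
    der = tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"
```

Pass the text of the PEM file to key_long_enough() before the download; raise min_bits where your policy requires a longer key.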
Command Buttons
• Apply: Data is sent to the controller and made to take effect, but not preserved across a power cycle;
these parameters are stored temporarily in volatile RAM.
• Regenerate Certificate: Direct the Operating System to internally generate a new Web
Authentication certificate.
• Help: Request that the help page be displayed in a new browser window.