Support User Manuals

Cisco Systems OL-7426-03 Network Router User Manual

Open as PDF

of 276

5/26/05 Adding SSL to the 802.11 Interface

OL-7426-03

• Verify that the Web Administration certificate is properly loaded:

>show certificate summary

Web Administration Certificate................. Locally Generated

Web Authentication Certificate................. Locally Generated

Certificate compatibility mode:................ off

• Save the SSL certificate, key and secure web password in active working memory to NVRAM

(non-volatile RAM) so your changes are retained across reboots:

>save config

Are you sure you want to save? (y/n) y

Configuration Saved!

• Reboot the Cisco Wireless LAN Controller:

>reset system

Are you sure you would like to reset the system? (y/n) y

System will now restart!

The Cisco Wireless LAN Controller completes the bootup process as described in the Connecting

and Using the CLI Console Step in the appropriate Cisco Wireless LAN Controller

Quick Start Guide.

• Make sure that client operators know that they may securely associate with the Cisco WLAN

Solution.

Refer to the Transferring Files To and From a Cisco Wireless LAN Controller

section for other file upload

and download instructions.

Externally-Generated CertificateExternally-Generated Certificate

Should you desire to use your own WebAuth SSL certificates, complete the following:

• Make sure you have a TFTP server available for the Operating System software download:

- If you are downloading through the Service port, the TFTP server MUST be on the same

subnet as the Service port, because the Service port is not routable.

- If you are downloading through the DS (Distribution System) network port, the TFTP

server can be on the same or a different subnet, because the DS port is routable.

• Buy or create your own WebAuth SSL key and certificate. If not already done, encode the key

and certificate, virtual gateway IP Address, and a password, <private_key_password>, in

a .PEM formatted file. The PEM-encoded file is called a WebAuth Site Certificate file

(<webauthcert_name>.pem).

• Move the <webadmincert_name>.pem file to the default directory on your TFTP server.

• Refer to the Using the Cisco WLAN Solution CLI section to connect and use the CLI.

Note: The TFTP server cannot run on the same computer as the Cisco Wireless

Control System, because the Cisco WCS and the TFTP server use the same commu-

nication port.

CAUTION: Each certificate has a variable-length embedded RSA Key. The RSA key

can be from 512 bits, which is relatively insecure, through thousands of bits, which is

very secure. When you are obtaining a new certificate from a Certificate Authority

(such as the Microsoft CA), MAKE SURE the RSA key embedded in the certificate is

AT LEAST 768 Bits.

previous next