Wireless Controller
Dedicated Wi-Fi control and management for high density and mobility
Article Id 198241

Configuring a Third party certificate on the controller.

KB Article Type: Configuration



KEYWORDS: controller, third party, certificate



Step 1: Click on Configuration > Certificate Management > Server Certificates > Click on the ADD button.

Step 2: Under “Certificate Add” fill in the following fields

  •  Choose the radio button named “Create Certificate Signing Request (CSR) to be signed by a CA”.
  • Fill “Certificate Alias” text box with a name (Name can be of 1-31 alphanumeric characters)
  • Enter the private key password (Make a note of this key).
  • Enter the validity text box for which the certificate has to be valid.

Step 3: Under Distinguished Name(DN), enter the following fields

  •  Common Name - This is a Fully Qualified Domain Name (FQDN) of the controller. The FQDN should be resolved by the wireless clients connecting to the captive port SSID. (ex.: The wireless clients connecting to the SSID with captive portal should be able to resolve the FQDN of the controller).
  • Organization Unit Name
  • Organization Name
  • Locality Name
  • State Name
  • Country Code
  • E-mail Address.

Step 4: Now export/save the CSR file as alias_name.csr in the desktop.

Step 5: Send this CSR file to the third party CA (any) and request for a standard SSL certificate. In the certificate, the server option can be either “Standard SSL” or “others”

Step 6: The certificates we receive from the third party CA are filename.cer (Server certificate) and filename.p7b (Trusted chain root certificate).

Step 7: Click on Configuration>Certificate Management>Trusted Root CA and import the third party Root certificate which is of .p7b format.

Step 8: Click on the Configuration>Certificate Management>Server Certificate>Pending CSR button > Highlight alias_name.csr click on import and then browse for the server certificate file which is of .cer format.

Step 9: Once you choose it, you will have an option to choose “Used by” which is for captive portal or Web GUI. Hold control key and click on both options to enable the certificate to use both.


1. Certificate implementation is available only from 3.5 code onwards.

2. Only a standard SSL certificate is supported, not Wildcard certificates.

3. Ensure the trust root certificate is of .p7b format; it would be a chain.

4. The following screenshot shows the chain and the intermediate certificate. If an Intermediate certificate is required for trusted root CA, then it needs to be imported as well.