Authorizing access points using lscs – Cisco WIRELESS LAN CONTROLLER OL-17037-01 User Manual
Page 20
7-20
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 7 Controlling Lightweight Access Points
Autonomous Access Points Converted to Lightweight Mode
Authorizing Access Points Using LSCs
You can use an LSC if you want your own public key infrastructure (PKI) to provide better security, to
have control of your certificate authority (CA), and to define policies, restrictions, and usages on the
generated certificates.
The LSC CA certificate is installed on access points and controllers. You need to provision the device
certificate on the access point. The access point gets a signed X.509 certificate by sending a certRequest
to the controller. The controller acts as a CA proxy and receives the certRequest signed by the CA for
the access point.
Note
Access points that are configured for bridge mode are not supported.
Using the GUI to Configure LSC
Using the controller GUI, follow these steps to enable the use of LSC on the controller.
Step 1
Click Security > Certificate > LSC to open the Local Significant Certificates (LSC) page (see
).
Figure 7-5
Local Significant Certificates (LSC) Page
Step 2
Click the General tab.
Step 3
To enable LSC on the system, check the Enable LSC on Controller check box.
Step 4
In the CA Server URL field, enter the URL to the CA server. You can enter either a domain name or an
IP address.
Step 5
In the Params fields, enter the parameters for the device certificate. The key size is a value from 384 to
2048 (in bits), and the default value is 2048.
Step 6
Click Apply to commit your changes.