Problem to put a Lets Encrypt certificate on WLC


#1

Hello,

I generated a certificate signed by Let’s Encrypt thanks to this site: https://gethttpsforfree.com/

I took the CSR of the WebAuth certificate from the WLC controller to be able to generate the signed certificate. Then I add the Root certificate that is on the site: https://letsencrypt.org/certs/isrgrootx1.pem.txt
following the intermediate certificate. I have my final certificate which contains:

  • signed certificate
  • intermediate certificate
  • Root certificate

Then I import the final certificate (final.pem) via the graphical interface of the WLC controller.
the controller tells me that the certificate is not correct. It seems that the certificate signed by let’s Encrypt and the intermediate certificate is in SHA2 while the Root certificate is in SHA1. How can I get a Let’s Encrypt Root certificate in SHA2 please?

Thanks and regards.

Sébastien.


#2

Hi,

The cross signed certificate is signed by an SHA1 root…(Identrust). Hence even if you imported the SHA2 ISRG CA, it’s not the correct chain of trust…

You should import the sha1 Identrust certificate, not the ISRG root CA to form a correct chain of trust.

Thank you


#3

Hi @sebasti1

save the file in Windows

https://letsencrypt.org/certs/isrgrootx1.pem.txt

as isrg-root.crt, then you can open it. You see:

ISRG-Root

It’s with SHA256 signed.


#4

SHA-1 root certificates aren’t a problem for anything, though. Root certificates are trusted because you trust them. The signature, and what algorithm it uses, aren’t important.

A lot of widely used roots are SHA-1.


#5

I don’t think you should include the root certificate in the chain anyway, just the leaf and intermediate.


#6

Hello !

First of all, I thank you for your answers.

Concretely I would like to know how to integrate a certificate on my WLC controller? I managed to generate the signed and intermediate certificate thanks to the following link: https://gethttpsforfree.com/ . What do I need to add to get my certificate to import on the controller please?

Thanks and regards.


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.