I took the CSR of the WebAuth certificate from the WLC controller to be able to generate the signed certificate. Then I add the Root certificate that is on the site: https://letsencrypt.org/certs/isrgrootx1.pem.txt
following the intermediate certificate. I have my final certificate which contains:
signed certificate
intermediate certificate
Root certificate
Then I import the final certificate (final.pem) via the graphical interface of the WLC controller.
the controller tells me that the certificate is not correct. It seems that the certificate signed by let’s Encrypt and the intermediate certificate is in SHA2 while the Root certificate is in SHA1. How can I get a Let’s Encrypt Root certificate in SHA2 please?
The cross signed certificate is signed by an SHA1 root..(Identrust). Hence even if you imported the SHA2 ISRG CA, it's not the correct chain of trust....
You should import the sha1 Identrust certificate, not the ISRG root CA to form a correct chain of trust.
SHA-1 root certificates aren’t a problem for anything, though. Root certificates are trusted because you trust them. The signature, and what algorithm it uses, aren’t important.
Concretely I would like to know how to integrate a certificate on my WLC controller? I managed to generate the signed and intermediate certificate thanks to the following link: https://gethttpsforfree.com/ . What do I need to add to get my certificate to import on the controller please?
