Cisco WLC HTTPS Certificate

Step-by-step procedure to install an SSL certificate on the HTTPS interface of a Cisco WLC

To install or replace the SSL certificate on your Cisco WLC, you need to use a TFTP server and manage the certificate file accordingly.

This procedure assumes you have a TFTP server and that it is a Linux server with OpenSSL installed.

First step: the Cisco WLC needs a certificate chain as a PEM file including certificate + intermediate CA + root CA, so open a text editor and copy and paste these three certificates into a single file. Something like this:

[Image: cert chain]

You can save this file as mycertchain.pem and upload it to (or create it on) the TFTP server. I created it in the /tmp directory; the certificate key (mycertkey.pem in this example) must also be uploaded to the same /tmp folder of the TFTP server (or of any other Linux server with OpenSSL; the important point is that at the end you move the final certificate to the TFTP server).

Now we need to generate a certificate valid for the WLC. We can do it by running the following commands:
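Before converting, it helps to confirm that mycertchain.pem really is ordered certificate, intermediate CA, root CA and that mycertkey.pem belongs to the first certificate. The script below is an added example, not part of the original procedure; the function names are hypothetical and it assumes openssl, awk, sed and mktemp are available and that the key is not passphrase-protected.

```shell
#!/bin/sh
# Added example: pre-flight checks for mycertchain.pem / mycertkey.pem.
# Function names are hypothetical; requires openssl, awk, sed, mktemp.

# split_chain FILE DIR: write each CERTIFICATE block to DIR/cert-N.pem, print N.
split_chain() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END                           { print n + 0 }
    ' "$1"
}

# dn FILE FIELD: print the subject or issuer name of the first certificate in FILE.
dn() {
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# check_chain_order FILE: succeed when each certificate names the next one as its
# issuer and the last one is self-issued (the root). This compares names only;
# it is an ordering check, not a signature verification.
check_chain_order() {
    tmp=$(mktemp -d) || return 2
    count=$(split_chain "$1" "$tmp")
    rc=0
    [ "$count" -ge 2 ] || { echo "found $count certificate(s), expected a chain" >&2; rc=1; }
    i=1
    while [ "$rc" -eq 0 ] && [ "$i" -le "$count" ]; do
        if [ "$i" -lt "$count" ]; then next=$((i + 1)); else next=$i; fi
        iss=$(dn "$tmp/cert-$i.pem" issuer); sub=$(dn "$tmp/cert-$next.pem" subject)
        if [ -z "$iss" ] || [ "$iss" != "$sub" ]; then
            echo "certificate $i is not issued by certificate $next" >&2
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# key_matches_leaf CHAIN KEY: the first certificate in CHAIN must carry the
# public key of KEY (assumes an unencrypted key, otherwise openssl prompts).
key_matches_leaf() {
    a=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    b=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```

After sourcing the file, run `check_chain_order mycertchain.pem && key_matches_leaf mycertchain.pem mycertkey.pem` in /tmp; a non-zero exit status means the chain order or the key should be fixed before the conversion.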

root@tftp-ostrich:/tmp# openssl pkcs12 -export -in mycertchain.pem -inkey mycertkey.pem -out mycert.p12 -clcerts -passin pass:password -passout pass:password
Warning: -clcerts option ignored with -export
root@tftp-ostrich:/tmp# openssl pkcs12 -in mycert.p12 -out mycert.pem -legacy
Enter Import Password: password
root@tftp-ostrich:/tmp# mv mycert.pem /tftp/mypath/
root@tftp-ostrich:/tmp# cd /tftp/mypath/
root@tftp-ostrich:/tftp/mypath# chmod 666 mycert.pem
root@tftp-ostrich:/tftp/mypath# chown tftp.tftp mycert.pem

mycert.pem is the final file we need to upload to the WLC; it contains the certificate chain together with the private key.

Now open the Cisco WLC in a browser, go to Advanced > MANAGEMENT > HTTP-HTTPS, select Download SSL Certificate and fill in the form (remember to check iptables on the TFTP server to be sure the WLC can download the file).

Click Apply to upload the certificate, then reboot the WLC (remember to save the WLC configuration before the update).

After the reboot you will see your certificate uploaded and installed on your HTTPS web interface.