Skip to end of metadata
Go to start of metadata


Description:

This document describes how to use a LANCOM WLAN controller with a firmware version up to LCOS 8 to backup existing certificates and then transfer them to another LANCOM WLAN controller.


Requirements:
  • LANtools as of version 7 (download latest version)

    Note:
    As of LCOS version 9, you can easily transfer certificates with the One-Click Backup feature. This procedure is described in the following Knowledge Base document .


Procedure:

1) Steps to carry out on the source device:

1.1) On the LANCOM WLAN controller containing the certificates, you first perform a backup to the CA (certification authority). The backup is stored on the WLAN controller.
    • Open an SSH session on the WLAN controller and run following command:

      do /Setup/Certificates/SCEP-CA/CA-certificates/Create-PKCS12-Backup-Files <password>

      At this point you set the <password> to a password of your choice. The password is required because it is only possible to upload certificate containers to a LANCOM device if a password has been set.

    • You then enter the command ls /Status/File-System/Contents. This allows you to check whether the backup files were successfully created. The following files should appear in the list:
      • scep_ca_backup
      • scep_ra_backup


1.2) In the next step, the files for the CA & RA backups, the SCEP CA certificate list, and the SCEP CA serial number need to be downloaded from the WLAN controller and saved to your PC or an external data medium (see figure).
    • You can do this, for example, using WEBconfig with the menu item File management -> Download certificate or file.

      Please use a regular browser for this purpose and not the browser integrated in LANconfig. Alternatively you can perform the download with LANconfig itself.





2) Steps to carry out on the target device:

2.1) Open an SSH session on the LANCOM WLAN controller and execute the command ls/Status/File-System/Content to check whether the device has already created its own certificates.
    • If this is the case, you need to delete the following files with the del command (e.g. del scep_cert_list):

      You can skip this step if the listed files do not exist.
      • scep_cert_list
      • scep_crl
      • scep_cert_serial
      • scep_ca_pkcs12_int
      • scep_ra_pkcs12_int
      • controller_pkcs12_int

2.2) The files you saved in step 1.2 can now be uploaded to the target device.

To do this open WEBconfig and use the item File management -> Upload certificate or file.

    Note:
    For the upload, make sure you select the same slots as for the download (see figure). An important consideration for the CA & RA backup is that you must enter the password used for the export (see step 1.1 ).



2.3) Run the following command on the SSH console to perform the upload:
    do /Setup/Certificates/SCEP-Client/Reinit

2.4) This concludes the transfer of the certificates.