In order to simplify the backup of the CA in the WLC, the device offers the option to generate a complete certificate record with a single action (one-click backup). This record makes it possible to completely back up and restore the CA and prevent certificate conflicts from occurring.
These conflicts can occur if you have downloaded the individual PKCS12 containers from the device separately and then reloaded: If the WLC has created a new CA in the meantime and has issued new certificates, the deviating CAs temporarily lead to authentication problems for the different services in LCOS. If you cannot wait until the individual services request new certificates, a manual resolution requires deleting the SCEP files from the LCOS file system and re-initialization of the SCEP clients. By reloading a one-click backup, on the other hand, LCOS performs the necessary steps automatically.
Creating a backup file
In order to create a certificate record, perform the action Create PKCS12 backup files under . This action generates a ZIP file within the LCOS file system that contains all necessary files. To protect the certificates and keys contained therein, the ZIP file is automatically protected with the device password, unless you enter another password. The ZIP file that was generated can then be downloaded, for example, in WEBconfig via .
Reloading the backup file
In order to reload certificate records, load the saved ZIP file directly into the device using the passphrase. In WEBconfig, for example, this is done by selecting Replace existing CA certificates so that the device automatically restores the certificate record after the upload.
. Enable the option