Before starting, why should you use a certificate ? TLS/SSL certificates secure internet connections by encrypting your data. They ensure that data is transmitted privately, without modifications, loss or theft. By adding a certificate on your WLC, you will insure a safer internet experience to your users.
Moreover, some browsers might block authentication on HTTP pages. Using a certificate will permit an access to HTTPS pages and your users will be able to authenticate.
Now, we can see how to add a certificate on your Cisco WLC.
First, you have to configure a TFTP server. (You can download a free TFTP Server by following this link : https://www.solarwinds.com/fr/free-tools/free-tftp-server)
Add the certificate in your TFTP-Root directory. This directory have to be the storage of the TFTP server.
Then, on your WLC, go to Security > Web Auth > Certificate.
Click on « Download SSL Certificate ».
Set your TFTP server’s IP address, certificate file name (don’t forget the filename extension « .pem ») and certificate password.
(Your certificate has to be as described in this link : https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html)
(If you encounter some problems installing your certificate, you can follow this link : https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/215425-troubleshoot-certificate-installation-on.html)
You can press « Apply », the certificate is downloaded on the controller.
Once the transfer completed successfully, go to Controller > Interfaces.
Select your virtual interface. Change the IP Address to « 192.0.2.2 » and the DNS Host Name to « login.3wi.fi ».
Now, you have to reboot your controller. The new certificate takes effect after that.