SSL certificate for internal web authentication

Unanswered Question
Mar 20th, 2007

We have Cisco WCS and two Cisco 2006 controllers running software version 4.0.206

The guest WLAN is configured for internal web authentication.

The redirect url for internal web auth is https://1.1.1.1/login.html which I think is impossible to edit in this version. My virtual ip is obviously 1.1.1.1 for both controllers.

I want to get rid of the security warning for the SSL certificate used by the guest login page.

Q1: How can I order a certificate that matches the host name 1.1.1.1 in the url ?

Q2: Do I need two different certificates for my two controllers ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
b.hsu Mon, 03/26/2007 - 06:31

Users are prompted to accept the certificate from the WLC because the clients do not have a trusted root certificate for the certificate that is installed on the WLC. The SSL certificate on the WLC is not in the list of certificates that the client system trusts. There are two ways to stop the generation of this web-browser security alert popup window:

a) Use the self-signed SSL certificate on the WLC and configure the client stations to accept the certificate

b) Generate a CSR and install a certificate that is signed by a source (a third-party CA) for which the clients already have the trusted root certificates installed. For more information on this read http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

vigleik Mon, 03/26/2007 - 07:03

Thank you. It was the host name field in virtual interface configuration I was missing.

I Guess this means I can use the same certificate for both controllers in the system.

csannedhi Mon, 03/26/2007 - 14:32

When you generate certificates for the controllers you have to supply the hostnames also - for example, Controller1 and Controller2.

For an authenticating client, controller's Virtual IP address and hostnames do not matter. The only thing that matters is the Trusted Authority that signed controllers certificate.

vigleik Wed, 03/28/2007 - 00:38

I think the client also checks that the host name of the url matches the host name of the certificate. For instance, IE 7 will say,"The security certificate presented by this website was issued for a different website's address."

Am I wrong ?

How is this handled by WLC web authentication, if the url is https://1.1.1.1/login.html ?

Actions

This Discussion

 

 

Trending Topics - Security & Network