
SSL certificate for internal web authentication

vigleik
Level 1

We have Cisco WCS and two Cisco 2006 controllers running software version 4.0.206

The guest WLAN is configured for internal web authentication.

The redirect URL for internal web auth is https://1.1.1.1/login.html, which I think is impossible to edit in this version. My virtual IP is obviously 1.1.1.1 for both controllers.

I want to get rid of the security warning for the SSL certificate used by the guest login page.

Q1: How can I order a certificate that matches the host name 1.1.1.1 in the URL?

Q2: Do I need two different certificates for my two controllers?

4 Replies

b.hsu
Level 5

Users are prompted to accept the certificate from the WLC because the clients do not have a trusted root certificate for the certificate that is installed on the WLC. The SSL certificate on the WLC is not in the list of certificates that the client system trusts. There are two ways to stop the generation of this web-browser security alert popup window:

a) Use the self-signed SSL certificate on the WLC and configure the client stations to accept the certificate

b) Generate a CSR and install a certificate that is signed by a source (a third-party CA) for which the clients already have the trusted root certificates installed. For more information on this read http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

Thank you. It was the host name field in virtual interface configuration I was missing.

I guess this means I can use the same certificate for both controllers in the system.

When you generate certificates for the controllers you have to supply the hostnames also - for example, Controller1 and Controller2.

For an authenticating client, the controller's Virtual IP address and hostnames do not matter. The only thing that matters is the Trusted Authority that signed the controller's certificate.

I think the client also checks that the host name of the URL matches the host name of the certificate. For instance, IE 7 will say, "The security certificate presented by this website was issued for a different website's address."

Am I wrong?

How is this handled by WLC web authentication, if the URL is https://1.1.1.1/login.html?
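
The two checks the replies above discuss (issuer trust and host-name match), modelled as an added example that is not part of the original thread. The certificates, the CA name and any host name other than 1.1.1.1 are constructed, and issuer trust is reduced to a name lookup instead of real chain validation.

```python
import ipaddress
from urllib.parse import urlsplit

TRUSTED_ISSUERS = {"Example Public CA"}  # constructed stand-in for the client's root store

def make_cert(cn, issuer, san=()):
    """Build a constructed certificate in the dict shape ssl.SSLSocket.getpeercert() returns."""
    return {"subject": ((("commonName", cn),),),
            "issuer": ((("commonName", issuer),),),
            "subjectAltName": tuple(san)}

def _dns_match(pattern, host):
    """Case-insensitive label comparison; '*' may stand only for the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    first_ok = p[0] == h[0] or (p[0] == "*" and len(p) > 2)
    return len(p) == len(h) and p[1:] == h[1:] and first_ok

def name_matches(cert, url):
    """RFC 2818 section 3.1: compare the URL's host with the names in the certificate."""
    host = urlsplit(url).hostname
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal in the URL can only be matched by an iPAddress SAN entry.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in san)
    names = [v for k, v in san if k == "DNS"]
    if not names:
        # No dNSName SAN present: fall back to the subject Common Name.
        names = [v for rdn in cert["subject"] for k, v in rdn if k == "commonName"]
    return any(_dns_match(n, host) for n in names)

def browser_warnings(cert, url):
    """Return the reasons a client would warn; an empty list means no prompt."""
    issuer = [v for rdn in cert["issuer"] for k, v in rdn if k == "commonName"]
    warnings = []
    # Simplification: a real client validates the signature chain, not the issuer name.
    if not set(issuer) & TRUSTED_ISSUERS:
        warnings.append("untrusted issuer")
    if not name_matches(cert, url):
        warnings.append("name mismatch")
    return warnings

if __name__ == "__main__":
    ca_cert = make_cert("Controller1", "Example Public CA")
    print(browser_warnings(ca_cert, "https://1.1.1.1/login.html"))
```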
