03-20-2007 03:21 AM - edited 07-03-2021 01:48 PM
We have Cisco WCS and two Cisco 2006 controllers running software version 4.0.206
The guest WLAN is configured for internal web authentication.
The redirect url for internal web auth is https://1.1.1.1/login.html which I think is impossible to edit in this version. My virtual ip is obviously 1.1.1.1 for both controllers.
I want to get rid of the security warning for the SSL certificate used by the guest login page.
Q1: How can I order a certificate that matches the host name 1.1.1.1 in the url ?
Q2: Do I need two different certificates for my two controllers ?
03-26-2007 06:31 AM
Users are prompted to accept the certificate from the WLC because the clients do not have a trusted root certificate for the certificate that is installed on the WLC. The SSL certificate on the WLC is not in the list of certificates that the client system trusts. There are two ways to stop the generation of this web-browser security alert popup window:
a) Use the self-signed SSL certificate on the WLC and configure the client stations to accept the certificate
b) Generate a CSR and install a certificate that is signed by a source (a third-party CA) for which the clients already have the trusted root certificates installed. For more information on this read http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
03-26-2007 07:03 AM
Thank you. It was the host name field in virtual interface configuration I was missing.
I Guess this means I can use the same certificate for both controllers in the system.
03-26-2007 02:32 PM
When you generate certificates for the controllers you have to supply the hostnames also - for example, Controller1 and Controller2.
For an authenticating client, controller's Virtual IP address and hostnames do not matter. The only thing that matters is the Trusted Authority that signed controllers certificate.
03-28-2007 12:38 AM
I think the client also checks that the host name of the url matches the host name of the certificate. For instance, IE 7 will say,"The security certificate presented by this website was issued for a different website's address."
Am I wrong ?
How is this handled by WLC web authentication, if the url is https://1.1.1.1/login.html ?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: