06-26-2007 04:54 AM - edited 07-03-2021 02:15 PM
I have a customer who says that the SSL Certificate warning that pops up for the web auth on the WLC is not acceptable. Is the controller capable of importing a certificate? Can the certificate have 1.1.1.1 as its CN?
06-26-2007 06:36 AM
You sure can load a third party cert to the controller. Just make sure it is not a chained certificate since the controllers don't support them. Here's a document on how to get and install the certificate:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
06-26-2007 01:15 PM
Looks good. Is there any issue with using a public DNS and a virtual interface of 1.1.1.1 ?
03-31-2010 08:34 AM
I feel is a very good solution.
Only one question, does the OpenSSL aplication cost? Where can I get?
Thanks.
S.
03-31-2010 08:53 AM
rchester,
It's kinda funny I just went through this with a Client last week. So yes you can install an SSL certificate to resolve that inconvience, and you can use a Chained SSL Certificate (it's what I used) but you need to follow these directions.
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml
My client got their certificates from Verisign.
As for the OpenSSL application
http://gnuwin32.sourceforge.net/packages/openssl.htm
those are the sites I used to get the openssl application..
Here is also a link to show you how to setup OpenSSL
http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html
takes a bit to get it setup, but worked like a charm. You can get a 14-day trial certificate from Versign to test and experiment with.
Also the CN can not be an IP Address, and as far as the 1.1.1.1 on public DNS mine is setup that way and works great...
Hope this helps, please feel free to rate this post.
Thanks,
Kayle
04-13-2010 02:53 AM
Kayle, you wrote:
> ... the 1.1.1.1 on public DNS mine is setup that way and works great...
I tried that too and got a lot of comment: 1.1.1.1 is a virtual address and hence cannot be linked to an 'owner'. Therefore this DNS entry request was refused, unless this DNS would be confined to our own organisation. Did you do it this way?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: