×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Import a certificate for web auth on controller

Unanswered Question
Jun 26th, 2007
User Badges:

I have a customer who says that the SSL Certificate warning that pops up for the web auth on the WLC is not acceptable. Is the controller capable of importing a certificate? Can the certificate have 1.1.1.1 as its CN?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rchester Tue, 06/26/2007 - 13:15
User Badges:

Looks good. Is there any issue with using a public DNS and a virtual interface of 1.1.1.1 ?


slandeira Wed, 03/31/2010 - 08:34
User Badges:

I feel is a very good solution.
Only one question, does the OpenSSL aplication cost? Where can I get?

Thanks.

S.

Kayle Miller Wed, 03/31/2010 - 08:53
User Badges:
  • Silver, 250 points or more

rchester,


    It's kinda funny I just went through this with a Client last week. So yes you can install an SSL certificate to resolve that inconvience, and you can use a Chained SSL Certificate (it's what I used) but you need to follow these directions.


http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml



My client got their certificates from Verisign.


As for the OpenSSL application


http://gnuwin32.sourceforge.net/packages/openssl.htm


http://www.openssl.org/


those are the sites I used to get the openssl application..



Here is also a link to show you how to setup OpenSSL


http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html



takes a bit to get it setup, but worked like a charm.  You can get a 14-day trial certificate from Versign to test and experiment with.



Also the CN can not be an IP Address, and as far as the 1.1.1.1 on public DNS mine is setup that way and works great...



Hope this helps, please feel free to rate this post.


Thanks,


Kayle

Kayle, you wrote:


> ... the 1.1.1.1 on public DNS mine is setup that way and works great...


I tried that too and got a lot of comment: 1.1.1.1 is a virtual address and hence cannot be linked to an 'owner'. Therefore this DNS entry request was refused, unless this DNS would be confined to our own organisation. Did you do it this way?

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode