Import a certificate for web auth on controller

rchester
Level 1

I have a customer who says that the SSL Certificate warning that pops up for the web auth on the WLC is not acceptable. Is the controller capable of importing a certificate? Can the certificate have 1.1.1.1 as its CN?

reload in 25 years

dancampb
Level 7

You sure can load a third party cert to the controller. Just make sure it is not a chained certificate since the controllers don't support them. Here's a document on how to get and install the certificate:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

Looks good. Is there any issue with using a public DNS and a virtual interface of 1.1.1.1?

reload in 25 years

I feel it is a very good solution.
Only one question: does the OpenSSL application cost anything? Where can I get it?

Thanks.

S.

Kayle Miller
Level 7

rchester,

It's kinda funny, I just went through this with a client last week. So yes, you can install an SSL certificate to resolve that inconvenience, and you can use a chained SSL certificate (it's what I used), but you need to follow these directions.

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml

My client got their certificates from Verisign.

As for the OpenSSL application

http://gnuwin32.sourceforge.net/packages/openssl.htm

http://www.openssl.org/

Those are the sites I used to get the OpenSSL application.

Here is also a link to show you how to set up OpenSSL:

http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html

It takes a bit to get it set up, but it worked like a charm. You can get a 14-day trial certificate from Verisign to test and experiment with.

Also, the CN cannot be an IP address, and as far as the 1.1.1.1 on public DNS, mine is set up that way and works great...

Hope this helps, please feel free to rate this post.

Thanks,

Kayle

Kayle, you wrote:

> ... the 1.1.1.1 on public DNS mine is setup that way and works great...

I tried that too and got a lot of comments: 1.1.1.1 is a virtual address and hence cannot be linked to an 'owner'. Therefore this DNS entry request was refused, unless this DNS would be confined to our own organisation. Did you do it this way?
