Following excerpts from WLC 4402 configuration guide ver 4.1
WLANs can use web authentication if IPSec or VPN passthrough is not enabled on the controller. Web authentication is simple to set up and use and can be used with SSL to improve the overall security of the WLAN.
Web authentication is supported only through HTTP. HTTPS is not supported. Because web authentication is tied to the management login on the controller, you must disable HTTPS login for management and enable only HTTP for management.
Seems like a contradiction to me. Can anyone advise on the following
Can the web authentication use https ?
If not, is this a security risk ?
If so, how can I upload a 3rd paty SSL certificate to the controller.