What is everyone using for an SSL Cert on the Wireless Controller?

Answered Question
May 30th, 2008

If I use the locally generated SSL cert on my WLC, Internet Explorer always shows the "Untrusted cert warning" when users try to authenticate via the web interface. What can I do to resolve this? Do I need to buy a cert? If so, where is the best and cheapest place to do this? GoDaddy? Also, I purchased one for my mail server and had to specify a domain name during the process. What would I use for my WLC? The URL during the web authentication process shows https://1.1.1.1

Correct Answer
Scott Fella Fri, 05/30/2008 - 08:42

RapidSSL is your best bet. It is less than 90 bucks for 1 year with insurance and renewal. 5 years is like 380 bucks. GoDaddy will not work since they use chained certificates.

On the VIP, you would enter the DNS Domain Name as what you used on the certificate CN when generating a CSR. Of course, you will have to resolve the CN name to 1.1.1.1 or change the 1.1.1.1 to another IP address that is not on your network. Reboot the WLC and you're done.

jeromehenry_2 Fri, 05/30/2008 - 09:21

Another solution is to connect to your controller over a safe connection (local switch) you trust, and install the self-signed certificate... You know it's your controller certificate, it's self-generated, you trust the link to it so you install it on your PC...

BRYN JONES Mon, 09/01/2008 - 06:30

Hi

We had issues with chained certificates and after pressing Cisco got the following response:

'just had confirmation from the Business Unit that the Chained Certs feature did make the 5.1 release, it's just not been documented in the release notes.

These are now being updated, but FYI

5.1 for Web-Auth

5.1 MR1 (Maintenance Release 1) for 802.1X'

Seems that 5.1 WiSM s/w does do chained certs, they just forgot to tell us!

Scott Fella Mon, 09/01/2008 - 06:40

5.1 does support chained certs, but the cost of a VeriSign chained cert was expensive compared to an unchained cert from RapidSSL. So is the installation of the chained cert the same as an unchained, or do you have to add the intermediate CAs?
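
A check for the setup described in the answers above, as an added example that is not part of the thread: it builds a CSR whose CN is the virtual interface's DNS host name, confirms that CN before the CSR goes to the CA, and tests whether an issuing CA certificate is self-signed (so the certificate it signs is unchained) or an intermediate (chained). The host name `wlc-guest.example.com`, the file names and the function names are assumptions, and the `openssl` command-line tool must be installed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Host name and file names are assumptions.
VIP_HOST="wlc-guest.example.com"  # hypothetical DNS host name on the virtual interface

# make_csr <cn> <key-out> <csr-out>: new 2048-bit RSA key and a CSR with that CN.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$2" -out "$3" \
    -subj "/CN=$1" 2>/dev/null
}

# csr_cn <csr>: print the commonName the CA will copy into the certificate.
csr_cn() {
  openssl req -in "$1" -noout -subject -nameopt multiline |
    awk -F' = ' '/commonName/ { print $2 }'
}

# cn_matches_vip <csr> <host>: succeed only if the CSR's CN equals the host name
# set on the virtual interface (DNS names compare case-insensitively).
cn_matches_vip() {
  want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  have=$(csr_cn "$1" | tr '[:upper:]' '[:lower:]')
  [ -n "$have" ] && [ "$have" = "$want" ]
}

# issued_by_root <issuer-cert>: succeed if the issuing CA certificate is
# self-signed (subject == issuer), so a certificate it signs is unchained.
issued_by_root() {
  subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
  issr=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
  [ -n "$subj" ] && [ "$subj" = "$issr" ]
}

# Demo on constructed data: one CSR with the host name, one with the raw address.
demo() {
  dir=$(mktemp -d)
  make_csr "$VIP_HOST" "$dir/good.key" "$dir/good.csr"
  make_csr "1.1.1.1" "$dir/bad.key" "$dir/bad.csr"
  for f in good bad; do
    if cn_matches_vip "$dir/$f.csr" "$VIP_HOST"; then
      echo "$f.csr: CN matches $VIP_HOST"
    else
      echo "$f.csr: CN '$(csr_cn "$dir/$f.csr")' does not match $VIP_HOST"
    fi
  done
  rm -rf "$dir"
}
demo
```

Run `issued_by_root` against the CA certificate that signed the controller's certificate; a failure means the issuer is an intermediate, which is the chained case discussed in the thread.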
