What is everyone using for an SSL Cert on the Wireless Controller?

Answered Question
May 30th, 2008

If I use the locally generated SSL cert on my WLC, Internet Explorer always shows the "Untrusted cert warning" when users try to authenticate via the web interface. What can I do to resolve this? Do I need to buy a cert? If so, where is the best and cheapest place to do this? GoDaddy???? Also, I purchased one for my mail server and had to specify a domain name during the process. What would I use for my WLC? The URL during the web authentication process shows https://1.1.1.1


Correct Answer
Scott Fella Fri, 05/30/2008 - 08:42
RapidSSL is your best bet. It is less than 90 bucks for 1 year with insurance and renewal. 5 years is like 380 bucks. GoDaddy will not work since they use chained certificates.


On the VIP, you would enter the DNS Domain Name as what you used on the certificate CN when generating a CSR. Of course, you will have to resolve the CN name to 1.1.1.1 or change the 1.1.1.1 to another IP address that is not on your network. Reboot the WLC and you're done.

jeromehenry_2 Fri, 05/30/2008 - 09:21

Another solution is to connect to your controller over a safe connection (local switch) you trust, and install the self-signed certificate... You know it's your controller certificate, it's self-generated, you trust the link to it so you install it on your PC...

Scott Fella Fri, 05/30/2008 - 12:12

Glad to help!

BRYN JONES Mon, 09/01/2008 - 06:30

Hi

We had issues with chained certificates and after pressing Cisco got the following response:

'just had confirmation from the Business Unit that the Chained Certs feature did make the 5.1 release, it's just not been documented in the release notes.

These are now being updated, but FYI

5.1 for Web-Auth

5.1 MR1 (Maintenance Release 1) for 802.1X'

Seems that 5.1 WiSM s/w does do chained certs, they just forgot to tell us!

Scott Fella Mon, 09/01/2008 - 06:40

5.1 does support chained certs, but the cost of a VeriSign chained cert was expensive compared to an unchained cert from RapidSSL. So is the installation of the chained cert the same as an unchained, or do you have to add the intermediate CAs?
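
Added example, not part of the thread and not Cisco's or any CA's tooling: a bash sketch for telling a chained certificate from an unchained one before choosing a vendor, by counting the intermediate CAs between the server certificate and a self-signed root. The function names, the hostname `wlc.example.test` and the throwaway test CA are all assumptions constructed for the example.

```bash
#!/usr/bin/env bash
# Added example: count the intermediate CAs between a server certificate and a
# self-signed root by matching issuer names to subject names (no signature check).
set -euo pipefail

subject_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
issuer_of()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }

# Usage: intermediates_between LEAF CA_FILE...
# Prints 0 for an unchained cert, N>0 for a chained one, "incomplete" if an issuer is missing.
intermediates_between() {
  local cur="$1" hops=0 next ca; shift
  while [ "$(subject_of "$cur")" != "$(issuer_of "$cur")" ]; do
    next=""
    for ca in "$@"; do
      if [ "$(subject_of "$ca")" = "$(issuer_of "$cur")" ]; then next="$ca"; break; fi
    done
    [ -n "$next" ] || { echo "incomplete"; return 1; }
    # A CA that is not self-signed is an intermediate.
    [ "$(subject_of "$next")" = "$(issuer_of "$next")" ] || hops=$((hops + 1))
    cur="$next"
  done
  echo "$hops"
}

# Constructed test PKI: root -> inter -> chained leaf, and root -> direct leaf.
make_constructed_pki() {
  local d="$1"
  sign() { # sign NAME CN ISSUER_NAME
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
      -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
    openssl x509 -req -in "$d/$1.csr" -CA "$d/$3.crt" -CAkey "$d/$3.key" \
      -CAcreateserial -days 1 -out "$d/$1.crt" 2>/dev/null
  }
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  sign inter   "Constructed Intermediate CA" root
  sign chained "wlc.example.test" inter
  sign direct  "wlc.example.test" root
}

tmp="$(mktemp -d)"; trap 'rm -rf "$tmp"' EXIT
make_constructed_pki "$tmp"
echo "direct : $(intermediates_between "$tmp/direct.crt"  "$tmp/root.crt" "$tmp/inter.crt")"
echo "chained: $(intermediates_between "$tmp/chained.crt" "$tmp/root.crt" "$tmp/inter.crt")"
```

Against a purchased certificate, pass the issued certificate first and the CA files the vendor supplies after it; `subject_of` also shows the CN to compare with the DNS name configured on the virtual interface.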
