Third-Party Cert problem

Answered Question
Jan 26th, 2009
User Badges:

WLC 4402 - 4.2.130.0

I have generated a CSR and received a certificate from GlobalSign. Has followed the instructions in "certificate signing Request Generation for a Third-Party ......"(DOcID 70584) , and uploaded the certificate to the WLC.


But still, when a user tries to log on to the portal(https://1.1.1.1/login.html), they get a sertificate error: "The adress does not match....."

The dnsname for our controller is: wlan-controller-1.xxxxxxxxx.xx


Any tips on how I can solve this ?


Regards


JF

Correct Answer by andrewswanson about 8 years 5 months ago

had the same problem with a globalsign cert - problem is with your WLC software rev. the doc you referred to states:


WLC software versions prior to 5.1.151.0 do not support chained certificates. The workaround is to use one of these options:


Acquire an unchained certificate from the CA (which means that the signing root is trusted).


Have all valid intermediate CA root certificates (trusted or untrusted) installed on the client.


with WLC v5.1 we installed chained globalsign cert and the cert works fine.

cheers

andy

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Stephen Rodriguez Mon, 01/26/2009 - 12:44
User Badges:
  • Purple, 4500 points or more

Make sure that the name you put in "DNS name" under the virtual interface is resolvable in the DNS server you are providing the end user. If you are only providing external DNS servers, then you are probably not going to get this to work, as an ISP usually won't update their DNS for this.


HTH,

Steve

johannf Tue, 01/27/2009 - 01:29
User Badges:

Ok thanks but it did not help.


The virtual interface has ip : 1.1.1.1

dns : wlan-controller-1.xxxxx.xx


Tried also to update our DNS-server with the adress 1.1.1.1.


JF

Stephen Rodriguez Tue, 01/27/2009 - 07:02
User Badges:
  • Purple, 4500 points or more

the other thing to check, is that the CA that issued the certificate is in the CA store on the client. If you open a MMC and add the snapin for Certificates, local machine should be fine, make sure it's in the list of Root CA

Correct Answer
andrewswanson Wed, 01/28/2009 - 04:34
User Badges:
  • Silver, 250 points or more

had the same problem with a globalsign cert - problem is with your WLC software rev. the doc you referred to states:


WLC software versions prior to 5.1.151.0 do not support chained certificates. The workaround is to use one of these options:


Acquire an unchained certificate from the CA (which means that the signing root is trusted).


Have all valid intermediate CA root certificates (trusted or untrusted) installed on the client.


with WLC v5.1 we installed chained globalsign cert and the cert works fine.

cheers

andy

johannf Wed, 01/28/2009 - 12:15
User Badges:

Ahhh, did'nt see that.


Thanks a lot.


Regards


JF

Actions

This Discussion

 

 

Trending Topics - Security & Network