Solved: Certificate for Guest Network

nshoe18 · ‎02-24-2010

AT a client site we have a 4402 running and have recently upgraded to 6.0. After upgrading when users connect to the guest network and open a web browser to be redirected to the login page they get the certificate error page in internet explorer then after clicking continue, they get the login page. Has anyone seen why the certificate errors occurs on the guest network?

Peter Nugent · ‎02-28-2010

The cert gives the error as its a Cisco cert and wont be in the client such as a Veisign cert would.

You can deploy an open SSL cert to the WLC or diasable https and just use JTTP but the latter is not recomended.

View solution in original post

Peter Nugent · ‎02-28-2010

The cert gives the error as its a Cisco cert and wont be in the client such as a Veisign cert would.

You can deploy an open SSL cert to the WLC or diasable https and just use JTTP but the latter is not recomended.

nshoe18 · ‎03-01-2010

Thanks for your reply. The issue is that the certificate error is occuring on the Web Authentication page for the Guest Wireless Network not for the login page for the actual controller. So a guest connects to the wireless entwork and opens a web browser and then instead of the weblogin page they get the certificate error page.

Peter Nugent · ‎03-01-2010

If the user accepts the certificate does it take them to the login page? If so this is

all normal.

To keep the https wlc login capability I would suggest using the openssl cert

Below shows how to install an open ssl cert and also the guest access deployment guide

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml

http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html

nshoe18 · ‎03-01-2010

I agree that normal functionality of the controller is that you see the certificate error and click to accept and continue when logging in to the web interface. We are seeing this when logging opening a web browser as a guest and getting the guest user web authentication screen, which I have not seen happen on any controller I have worked on previously. See attachments.

Peter Nugent · ‎03-01-2010

No attachments!!

Scott Fella · ‎03-03-2010

Unless you have installed a 3rd party certificate, you will always get certificate error because the built-in Cisco certificate is not a trusted certificate in Windows or MAC's. Now if you did have a 3rd party certificate installed, maybe the upgrade corrupted the cert or returned the certificate back to default Cisco. Look at the certificate in the WLC and see what certificate is being used.

-Scott
*** Please rate helpful posts ***

nshoe18 · ‎03-03-2010

I actually spoke with Cisco about this and previous versions of the controller software did not require a third-party certificate for the Web Authentication Page for a Guest network, hoever starting with 4.2.X they are now using SSL Version 3 so there is no way around it, other than purchasing a certificate or turning off the Secure Web piece.

Thanks for your responses.

Scott Fella · ‎03-03-2010

So your client was on a 3.x code and you upgraded to a 6.x? Its been a while since I touched 3.x, but maybe they didn't do secure web back then. I know that they generate their own certificate still so that would still generate an error prior to getting the web-auth page. Oh well... you have it under control.

-Scott
*** Please rate helpful posts ***

nshoe18 · ‎03-03-2010

We were actually on 4.1.185 which did not require the secure web for the web authentication securtiy method.