certificate in WLC

bbxie
Level 3

Hi All,

There are several different kinds of certificates in the WLC, and I'm a bit confused. Is there any document that summarizes them? For example, can some of the certs share the same cert?

1. HTTPS has an SSL cert (CN=169.254.1.1)

2. Web-Auth has an SSL cert (CN=1.1.1.1)

3. LSC (X.509 cert)

4. IPSec CA cert

5. IPSec ID Cert

I guess 1 and 2 can share the same SSL cert; however, I don't know what the CN should look like when generating the CSR for the CA (Web-Auth should use the virtual gw IP, HTTPS should use the management IP).

Thanks for any input!

2 Replies

BRYN JONES
Level 1

Hi

We retain the Cisco certificate for use on the HTTPS admin interface.

We install a 3rd party cert for use on our web authentication:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml

We have the 3rd party cert tied to a hostname, which resolves to 1.1.1.1 currently, so as and when someone eventually uses 1.1.1.1 as a publicly routable address, we can just do a quick DNS change and we will be unaffected.

Thanks for the info, my friend!

From our field engineer's feedback, the HTTPS cert for admin and the Web-Auth cert can share the same SSL cert. The condition is to create a record in the local DNS server in which one DNS name maps to two IP addresses (Virtual Gateway IP and WLC Management IP), then use this DNS name as the CN to generate the SSL cert. Currently no bug or potential risk has been found. Everything works fine.

The other 3 kinds of certs, it seems, can't be shared. LSC is for regenerating the AP/WLC X.509 cert (mutual auth during the join process); I never tested it and don't know how it behaves. The IPSec cert, it seems, can be used in:

1. RADIUS connection (not tested, don't know which RADIUS server can support IPSec)

2. Secure Mobility (UDP 16667)

3. VPN termination in WLAN profile (it seems only very old versions support it, 4.0, etc.)

Anyway, it seems a lot of certs are needed, and customers are not happy about it since they have to pay more money.
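
One way to check the precondition described in the reply above (the certificate names a DNS name that resolves to both the virtual gateway IP and the management IP), as an added example that is not part of the original thread. The hostname `wlc.example.com` and the management IP `192.0.2.10` are constructed placeholders, and the certificate dicts use the layout returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import socket

def cert_names(cert):
    """Collect CN and SAN values from an ssl.getpeercert()-style dict."""
    names = {v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
             if k == "commonName"}
    names |= {v.lower() for k, v in cert.get("subjectAltName", ())
              if k in ("DNS", "IP Address")}
    return names

def system_resolve(hostname):
    """Default resolver: IPv4 addresses from the local DNS configuration."""
    return set(socket.gethostbyname_ex(hostname)[2])

def check_shared_cert(cert, hostname, required_ips, resolve=system_resolve):
    """Return a list of problems with using one cert for both services."""
    problems = []
    names = cert_names(cert)
    if hostname.lower() not in names:
        problems.append(f"certificate does not name {hostname}: {sorted(names)}")
    try:
        resolved = resolve(hostname)
    except OSError as exc:
        resolved = set()
        problems.append(f"{hostname} does not resolve: {exc}")
    for role, ip in required_ips.items():
        if ip not in resolved:
            problems.append(f"{hostname} has no A record for {role} ({ip})")
    return problems

# Constructed sample data; hostname and management IP are hypothetical.
SAMPLE_DNS = {"wlc.example.com": {"192.0.2.10", "1.1.1.1"}}
SHARED = {"subject": ((("commonName", "wlc.example.com"),),)}
PER_IP = {"subject": ((("commonName", "1.1.1.1"),),)}
ROLES = {"management": "192.0.2.10", "virtual gateway": "1.1.1.1"}

def sample_resolve(hostname):
    """Offline resolver backed by the constructed SAMPLE_DNS table."""
    try:
        return SAMPLE_DNS[hostname]
    except KeyError:
        raise OSError("no such host")

if __name__ == "__main__":
    for label, cert in (("shared", SHARED), ("per-IP", PER_IP)):
        result = check_shared_cert(cert, "wlc.example.com", ROLES, sample_resolve)
        print(label, result or "ok")
```

Leaving out the `resolve` argument runs the same check against the local DNS server instead of the sample table.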
