Can a single SSL certificate be used for webauth in both primary and backup WLCs?

Unanswered Question
May 28th, 2012

Hi,

One of our customers has two 5508 WLCs working in the same mobility group, and APs are distributed among them. They want to implement a Verisign signed certificate on the webauth splash page, so guest users do not get a certificate warning when they connect (they require https to protect the username and password being sent).

Both controllers use the same virtual IP address 1.1.1.1 but have different names. Can a single CSR be generated for this and installed on both WLCs?

Thanks and Regards

blakekrone Mon, 05/28/2012 - 19:20

Yes it can, but verify with Verisign that there isn't something in the agreement when you order limiting you to a single device. There is no "blocking" mechanism that would stop it from working, but they may have some terminology in their agreements that would cause issues.

Scott Fella Mon, 05/28/2012 - 20:56

I have done it with Verisign certificates in the past with no issue... Well at least last year. I do it all the time with other cert vendors.

Sent from Cisco Technical Support iPhone App

luisandreoni Mon, 05/28/2012 - 21:08

Thanks for the replies. Don't you need to specify the WLC hostname when you generate the CSR?

Also, they are not using DNS entry for the virtual interface. Do they need to add it?

Scott Fella Mon, 05/28/2012 - 21:11

You don't need to use the hostname. Give it something like guestwireless.domain.com or wireless.domain.com. That FQDN needs to be entered in the VIP and DNS has to be able to resolve the FQDN to the VIP. So if it's for guest users, the DNS the guest users obtain from DHCP, that DNS needs to have the DNS record.

Thanks,

Scott Fella

Sent from my iPhone

blakekrone Mon, 05/28/2012 - 21:12

You specify the domain name that you enter on the virtual interface for the CSR.

Yes, they have to use the DNS name entry; otherwise the WLC will redirect to the IP instead of the name.

saravlak Sun, 06/03/2012 - 23:44

Certificate is issued to FQDN or hostname and not to IP or infrastructure; should be able to upload the same cert to multiple WLCs.
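
An added example, not part of the thread and not Cisco tooling: a small Python check of the conditions the replies above describe (the certificate names the virtual-interface FQDN, every controller has that FQDN set on its virtual interface, and the DNS given to guests resolves it to the virtual IP). The controller names and the DNS table are constructed; the FQDN and 1.1.1.1 are the ones mentioned in the thread.

```python
# Added example: pre-deployment check for one web-auth certificate shared by several WLCs.
# All data below is constructed; nothing here queries a real controller or DNS server.
from dataclasses import dataclass

@dataclass
class Wlc:
    name: str          # controller hostname (hypothetical; not what the cert is issued to)
    virtual_ip: str    # virtual interface IP
    virtual_fqdn: str  # DNS host name set on the virtual interface, "" if unset

def name_matches(cert_name: str, host: str) -> bool:
    """Browser-style match: exact, or '*' standing for the whole left-most label."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        return len(c) > 2 and c[1:] == h[1:]
    return c == h

def check(cert_names, wlcs, guest_dns):
    """Return a list of problems; an empty list means the shared cert fits every WLC.

    guest_dns: FQDN -> IP as answered by the DNS server guests obtain from DHCP.
    """
    problems = []
    for w in wlcs:
        if not w.virtual_fqdn:
            problems.append(f"{w.name}: no DNS host name on virtual interface; "
                            f"redirect will use {w.virtual_ip}")
            continue
        if not any(name_matches(n, w.virtual_fqdn) for n in cert_names):
            problems.append(f"{w.name}: certificate does not cover {w.virtual_fqdn}")
        resolved = guest_dns.get(w.virtual_fqdn.lower())
        if resolved != w.virtual_ip:
            problems.append(f"{w.name}: guest DNS resolves {w.virtual_fqdn} to "
                            f"{resolved}, expected {w.virtual_ip}")
    return problems

CERT_NAMES = ["guestwireless.domain.com"]            # CN/SAN of the single certificate
GUEST_DNS = {"guestwireless.domain.com": "1.1.1.1"}  # constructed DNS answers
GOOD = [Wlc("wlc-primary", "1.1.1.1", "guestwireless.domain.com"),
        Wlc("wlc-backup", "1.1.1.1", "guestwireless.domain.com")]
BAD = [Wlc("wlc-primary", "1.1.1.1", "guestwireless.domain.com"),
       Wlc("wlc-backup", "1.1.1.1", "")]             # FQDN missing on the backup

if __name__ == "__main__":
    for label, group in (("good", GOOD), ("bad", BAD)):
        print(label, check(CERT_NAMES, group, GUEST_DNS) or "OK")
```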


Posted May 28, 2012 at 5:53 PM