Can a single SSL certificate be used for webauth in both primary and backup WLCs?

May 28th, 2012


One of our customers has two 5508 WLCs working in the same mobility group and APs are distributed among them. They want to implement a Verisign signed certificate on the webauth splash page, so guest users do not get a certificate warning when they connect (they require https to protect the username and password being sent).

Both controllers use the same virtual IP address but have different names. Can a single CSR be generated for this and installed on both WLCs?

Thanks and Regards

blakekrone Mon, 05/28/2012 - 19:20

Yes it can, but verify with Verisign that there isn't something in the agreement when you order limiting you to a single device. There is no "blocking" mechanism that would stop it from working, but they may have some terminology in their agreements that would cause issues.

Scott Fella Mon, 05/28/2012 - 20:56

I have done it with Verisign certificates in the past with no issue... Well at least last year. I do it all the time with other cert vendors.

Sent from Cisco Technical Support iPhone App

luisandreoni Mon, 05/28/2012 - 21:08

Thanks for the replies. Don't you need to specify the WLC hostname when you generate the CSR?

Also, they are not using DNS entry for the virtual interface. Do they need to add it?

Scott Fella Mon, 05/28/2012 - 21:11

You don't need to use the hostname. Give it something like or That FQDN needs to be entered in the VIP and DNS has to be able to resolve the FQDN to the VIP. So if it's for guest users, the DNS the guest users obtain from DHCP, that DNS needs to have the DNS record.


Scott Fella

Sent from my iPhone

blakekrone Mon, 05/28/2012 - 21:12

You specify the domain name that you enter on the virtual interface for the CSR.

Yes they have to use the DNS name entry otherwise the WLC will redirect to the IP instead of name.

Saravanan Lakshmanan Sun, 06/03/2012 - 23:44

Certificate is issued to FQDN or hostname and not to IP or infrastructure; should be able to upload the same cert to multiple WLCs.
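
The checks the replies above describe (one DNS name on the virtual interface of both controllers, a certificate issued to that name, and a guest-facing DNS record pointing at the virtual IP), written out as an added example that is not part of the original thread or any Cisco tooling. The controller names, `guest.example.com` and `192.0.2.1` are constructed placeholders.

```python
# Added example: pre-deployment check for sharing one webauth certificate
# across WLCs. All names and addresses below are constructed placeholders.
from dataclasses import dataclass

@dataclass
class Controller:
    hostname: str          # WLC system name (differs per controller)
    virtual_ip: str        # virtual interface IP (shared in the thread's setup)
    virtual_dns_name: str  # DNS host name set on the virtual interface ("" if unset)

def name_matches(cert_name: str, fqdn: str) -> bool:
    """Exact match, or a wildcard covering exactly the left-most label."""
    cert_name, fqdn = cert_name.lower().rstrip("."), fqdn.lower().rstrip(".")
    if cert_name.startswith("*."):
        return "." in fqdn and fqdn.split(".", 1)[1] == cert_name[2:]
    return cert_name == fqdn

def check_shared_cert(controllers, cert_names, guest_dns):
    """Return a list of problems; an empty list means one cert fits all WLCs.

    cert_names: CN/SAN DNS names in the certificate.
    guest_dns:  records served by the DNS that guests get from DHCP (name -> IP).
    """
    problems = []
    for wlc in controllers:
        fqdn = wlc.virtual_dns_name
        if not fqdn:
            problems.append(f"{wlc.hostname}: no DNS name on the virtual interface, "
                            "redirect will use the IP and not match the cert")
            continue
        if not any(name_matches(n, fqdn) for n in cert_names):
            problems.append(f"{wlc.hostname}: cert does not cover {fqdn}")
        if guest_dns.get(fqdn.lower()) != wlc.virtual_ip:
            problems.append(f"{wlc.hostname}: guest DNS does not resolve {fqdn} "
                            f"to {wlc.virtual_ip}")
    return problems

# Constructed sample: two controllers, different hostnames, same virtual interface.
WLCS = [Controller("wlc-primary", "192.0.2.1", "guest.example.com"),
        Controller("wlc-backup", "192.0.2.1", "guest.example.com")]
CERT_NAMES = ["guest.example.com"]
GUEST_DNS = {"guest.example.com": "192.0.2.1"}

if __name__ == "__main__":
    result = check_shared_cert(WLCS, CERT_NAMES, GUEST_DNS)
    for line in result or ["OK: one cert fits both WLCs"]:
        print(line)
```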

