Cisco Support Community
New Member

SSL certificate on 5508 WLC

I am in the process of using OpenSSL to generate a device certificate for my 5508 WLC.

 

However, I had a question about DNS. The controller is on a guest network and is used for outside companies. I don't control their laptops/devices, and the controller is handing out a public DNS (8.8.8.8) for them to use. They simply log in and connect to the Internet.

 

I assume this is going to create a problem with the device certificate. Won't clients get a warning if they cannot resolve the name of the controller against the certificate? Aside from installing my own DNS server into that network, is there any way around this?

2 REPLIES
New Member

If you want to 'hide' the virtual IP address used for webauth, the FQDN must be resolvable. See this document for more details:

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/115951-web-auth-wlc-guide-00.html#cause

A work-around would be to use the virtual interface IP address for your CN when creating your cert.

Hall of Fame Super Silver

What I have done is create a certificate using your public domain and then add an alias DNS record on your external DNS or public DNS server. Tie it to one of your public IP addresses and then use that public IP address for your VIP. That is a workaround I have used.

Scotty

-Scott
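
The name checks discussed in this thread, as an added example that is not part of any post: a guest browser warns when the redirect name does not resolve through the DNS the guests use, or when the certificate does not cover that name. The host names, IP addresses and DNS answers are constructed, and `preflight` and `check` are hypothetical helpers, not a WLC or OpenSSL API.

```python
import ipaddress

def name_matches(cert_name, host):
    """Exact match, or a leftmost '*' label standing in for exactly one label."""
    c, h = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if c == h:
        return True
    return c.startswith("*.") and "." in h and h.split(".", 1)[1] == c[2:]

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def preflight(redirect_host, virtual_ip, cert_names, resolve):
    """List name-related problems a guest browser would hit; empty means none.

    redirect_host: the name or IP the login redirect sends guests to
    cert_names:    names on the certificate (assumed present in CN and SAN)
    resolve:       callable(name) -> list of IPs, as answered by the guests' DNS
    """
    problems = []
    if is_ip(redirect_host):
        if redirect_host != virtual_ip:
            problems.append("redirect IP is not the virtual interface IP")
        if redirect_host not in cert_names:
            problems.append("certificate does not name the redirect IP")
        return problems
    answers = resolve(redirect_host)
    if not answers:
        problems.append("guest DNS cannot resolve " + redirect_host)
    elif virtual_ip not in answers:
        problems.append(redirect_host + " resolves, but not to the virtual interface IP")
    if not any(name_matches(n, redirect_host) for n in cert_names if not is_ip(n)):
        problems.append("certificate does not cover " + redirect_host)
    return problems

# Constructed sample data: what a public resolver would answer in each case.
PUBLIC_DNS_NO_RECORD = {}
PUBLIC_DNS_WITH_RECORD = {"guest.example.com": ["203.0.113.10"]}

def check(redirect_host, virtual_ip, cert_names, zone):
    return preflight(redirect_host, virtual_ip, cert_names, lambda n: zone.get(n, []))

if __name__ == "__main__":
    # Question: FQDN on the certificate, but the guests' public DNS has no record for it.
    print(check("guest.example.com", "192.0.2.1", ["guest.example.com"], PUBLIC_DNS_NO_RECORD))
    # First reply: the virtual interface IP itself is the name on the certificate.
    print(check("192.0.2.1", "192.0.2.1", ["192.0.2.1"], PUBLIC_DNS_NO_RECORD))
    # Second reply: a public DNS record points at a public IP that is used as the VIP.
    print(check("guest.example.com", "203.0.113.10", ["guest.example.com"], PUBLIC_DNS_WITH_RECORD))
```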