Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

What is everyone using for a SSL Cert on the Wireless Controller?

If I use the locally generated SSL cert on my WLC Internet Explorer always shows the "Untrusted cert warning" when users try to authenticate via the web interface. What can I do to resolve this do I need to buy a cert? If so where is the best and cheapest place to do this? GoDaddy???? Also, I purchased one for my mail server and had to specify a domain name during the process. What would I use for my WLC? The URL during the web authentication process show https://1.1.1.1

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: What is everyone using for a SSL Cert on the Wireless Contro

RapidSSL is your best bet. It is less than 90 bucks for 1 year with insurance and renewal. 5 years is like 380 bucks. GoDaddy will not work since they use chained certificates.

On the VIP, you would enter the DNS Domain Name as what you used on the certificate CN when generating a csr. Of course, you will have to resolve the CN name to 1.1.1.1 or change the 1.1.1.1 to another ip address that is not on your network. Reboot the wlc and your done.

-Scott
*** Please rate helpful posts ***
6 REPLIES
Hall of Fame Super Silver

Re: What is everyone using for a SSL Cert on the Wireless Contro

RapidSSL is your best bet. It is less than 90 bucks for 1 year with insurance and renewal. 5 years is like 380 bucks. GoDaddy will not work since they use chained certificates.

On the VIP, you would enter the DNS Domain Name as what you used on the certificate CN when generating a csr. Of course, you will have to resolve the CN name to 1.1.1.1 or change the 1.1.1.1 to another ip address that is not on your network. Reboot the wlc and your done.

-Scott
*** Please rate helpful posts ***

Re: What is everyone using for a SSL Cert on the Wireless Contro

Another solution is to connect to your controller over a safe connection (local switch) you trust, and install the self signed certificate... You know it's your controller certificate, it's self generated, you trust the link to it so you install it on your PC...

New Member

Re: What is everyone using for a SSL Cert on the Wireless Contro

The post by fella5 solved my problem with getting me the correct SSL Cert and this pdf document on the Cisco website showed me how to convert the cert and install it to the WLC.

http://www.cisco.com/application/pdf/paws/70584/csr_wlc.pdf

Thanks - fella5 you have been extremely helpful to me!

Hall of Fame Super Silver

Re: What is everyone using for a SSL Cert on the Wireless Contro

Glad to help!

-Scott
*** Please rate helpful posts ***
New Member

Re: What is everyone using for a SSL Cert on the Wireless Contro

Hi

We had issues with chained certificates and after pressing Cisco go the following response:

'just had confirmation from the Business Unit that the Chained Certs feature did make the 5.1 release, its just not been documented in the release notes.

These are now being updated, but FYI

5.1 for Web-Auth

5.1 MR1 (Maintenance Release 1) for 802.1X'

Seems that 5.1 WiSM s/w does do chained certs, they just forgot to tell us!

Hall of Fame Super Silver

Re: What is everyone using for a SSL Cert on the Wireless Contro

5.1 does support chained certs, but the cost of a verisign chained cert was expensive compared to an unchained cert from RapidSSL. So is the installation of the chained cert the same as an unchained, or do you have to add the intermediate CA's?

-Scott
*** Please rate helpful posts ***
482
Views
0
Helpful
6
Replies