Cisco 5760 doesn't identify a redirect virtual hostname and gives certificate error

Lovleen Arora
Level 1

So, we deployed the 5760 for the guest SSID along with the other main SSID. The problem we are hitting is that the user gets a certificate error after guest authentication when the WLC sends a virtual IP as the redirect URL.

In the WLC config we have mentioned virtual-hostname along with the virtual-ip under the parameter-map for the guest web portal, but for some reason the WLC doesn't seem to want to consider the virtual hostname for the redirect and will only use the virtual-ip.

We are using a certificate which is issued to the virtual URL from the CA, but because the redirect URL has an IP address in it, the cert invalid error shows up.

We also got the CA to send us another cert with the IP address in the Subject Alternative Name field of the certificate, but that also does not fix the issue.

Has anyone else come across the same or a similar problem? I reckon the 5760s are fairly new to the market, so Cisco has not been very foolproof in mitigating these small things.

Thanks

Accepted Solutions

Hi

Check whether you have configured the default parameter map (which specifies the virtual IP) and a custom parameter map (which specifies the redirect login URL, redirect portal IP address, etc.). The redirect portal IP address is important to have.

parameter-map type webauth global
 type webauth
 virtual-ip ipv4 <5760-virtual-ip>
!
parameter-map type webauth <Custom_Parameter_map>
 type webauth
 redirect for-login https://<redirect-login-url>
 redirect portal ipv4 x.x.x.x

I have done an external web redirect with the 5760 and it worked. The WebAuth cert is issued to the URL that we are using, and here is the cert installation procedure I followed.

http://mrncciew.com/2014/07/30/5760-webauth-certificates/

HTH

Rasika

*** Pls rate all useful responses ****

Thanks for your reply.

So what we did was get our CA to give us a cert with the CN as the virtual hostname, but with the virtual-ip also put in the IP address field in the Subject Alternative Name section of the certificate.

Now we have installed this cert, and this one does work (i.e. no cert error for the guest portal on the Chrome or Firefox browser), but IE for some weird reason still gives us the error saying the cert is not from a valid authority etc.

The CA we are using is QuoVadis.

Glad to see you get it working.

Regards

Rasika
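
The name check applied to the redirect URL discussed in this thread, as an added Python example that is not from any post here: it applies the RFC 2818 rule that an IP literal in the URL must match an iPAddress SAN entry, and by this example's choice never consults the Common Name. It also covers one case beyond the thread (an IP typed into a DNS-type SAN entry); the hostname guest.example.com, the address 192.0.2.1, the /login.html path and the three certificate dicts (in the format returned by Python's ssl getpeercert()) are constructed sample values.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed getpeercert()-style dicts; names and addresses are sample values.
HOSTNAME_ONLY = {"subject": ((("commonName", "guest.example.com"),),),
                 "subjectAltName": (("DNS", "guest.example.com"),)}
WITH_IP_SAN = {"subject": ((("commonName", "guest.example.com"),),),
               "subjectAltName": (("DNS", "guest.example.com"),
                                  ("IP Address", "192.0.2.1"))}
IP_AS_DNS = {"subject": ((("commonName", "guest.example.com"),),),
             "subjectAltName": (("DNS", "guest.example.com"),
                                ("DNS", "192.0.2.1"))}

def _dns_match(pattern, host):
    """Case-insensitive dNSName match; '*' may only be the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # A wildcard covers exactly one label: *.example.com matches a.example.com only.
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def cert_covers_url(url, cert):
    """Return (ok, reason) for the host of `url` checked against the cert's SAN."""
    host = urlsplit(url).hostname
    if not host:
        return False, "no host in URL"
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal, so treat it as a DNS name
    if ip is not None:
        # IP literal: only iPAddress entries count; CN and dNSName are ignored.
        for kind, value in sans:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True, "matched iPAddress SAN"
        return False, "IP literal in URL, no matching iPAddress SAN"
    for kind, value in sans:
        if kind == "DNS" and _dns_match(value, host):
            return True, "matched dNSName SAN"
    return False, "hostname not in any dNSName SAN"

if __name__ == "__main__":
    for name, cert in (("hostname only", HOSTNAME_ONLY),
                       ("hostname + IP SAN", WITH_IP_SAN),
                       ("IP placed in a DNS entry", IP_AS_DNS)):
        print(name, cert_covers_url("https://192.0.2.1/login.html", cert))
```

To run the same check against a live portal, pass the dict returned by `getpeercert()` on a verified TLS connection in place of the constructed ones.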
