New Member

Cisco 5760 doesn't identify a redirect virtual hostname and gives certificate error

 

So, we deployed the 5760 for the guest SSID along with the other main SSID. The problem we are hitting is that the user gets a certificate error after guest authentication when the WLC sends a virtual IP as the redirect URL.

In the WLC config we have mentioned the virtual-hostname along with the virtual-ip under the parameter-map for the guest web portal, but for some reason the WLC doesn't seem to want to consider the virtual hostname for the redirect and will only use the virtual-ip.

We are using a certificate which is issued to the virtual URL from the CA, but because the redirect URL has an IP address in it, the cert invalid error shows up.

We also got the CA to send us another cert with the IP address in the Subject Alternative Name field of the certificate, but that also does not fix the issue.

Has anyone else come across the same or a similar problem? I reckon the 5760s are fairly new to the market, so Cisco has not been very foolproof in mitigating these small things.

Thanks


Accepted Solutions
VIP Purple

Hi

Check whether you have configured the default parameter map (which specifies the virtual IP) & the custom parameter map (which specifies the redirect login URL, redirect portal IP address, etc.). The redirect portal IP address is important to have.

parameter-map type webauth global
 type webauth
 virtual-ip ipv4 <5760-virtual-ip>
!
parameter-map type webauth <Custom_Parameter_map>
 type webauth
 redirect for-login https://<redirect-login-url>
 redirect portal ipv4 x.x.x.x

I have done external web redirect with the 5760 & it worked. The WebAuth cert is issued to the URL that we are using, & here is the cert installation procedure I followed.

http://mrncciew.com/2014/07/30/5760-webauth-certificates/

HTH

Rasika

*** Pls rate all useful responses ****

New Member

Thanks for your reply.

So what we did was get our CA to give us a cert with the CN as the virtual hostname, but also put in an IP address field with the virtual-ip in the Subject Alternative Name section of the certificate.

Now we have installed this cert, and this one does work (i.e. no cert error for the guest portal on the Chrome or Firefox browser), but IE for some weird reason still gives us the error saying the cert is not from a valid authority etc.

The CA we are using is QuoVadis.
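
The name check behind the error discussed in this thread, as an added example that is not part of any post: a redirect URL containing an IP literal is matched only against iPAddress entries in the certificate's Subject Alternative Name, never against the hostname or CN. The hostname `guest.example.net`, the address `192.0.2.1`, the function names and the sample certificates are constructed for illustration; the certificate dicts use the layout of Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress
from urllib.parse import urlsplit

def _dns_match(pattern, host):
    """Compare one dNSName entry; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def url_matches_cert(url, cert):
    """True if the host in `url` is covered by the certificate's subjectAltName.

    `cert` uses the dict layout returned by ssl.SSLSocket.getpeercert().
    The subject CN is deliberately ignored, as current browsers do.
    """
    host = urlsplit(url).hostname
    if not host:
        return False
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Host is a name: only dNSName entries count.
        return any(_dns_match(v, host) for t, v in sans if t == "DNS")
    # Host is an IP literal: only iPAddress entries count, compared as addresses.
    for t, v in sans:
        if t == "IP Address":
            try:
                if ipaddress.ip_address(v) == ip:
                    return True
            except ValueError:
                continue
    return False

# Constructed sample certificates (not taken from the thread).
HOSTNAME_ONLY = {"subjectAltName": (("DNS", "guest.example.net"),)}
HOSTNAME_AND_IP = {"subjectAltName": (("DNS", "guest.example.net"),
                                      ("IP Address", "192.0.2.1"))}
IP_TYPED_AS_DNS = {"subjectAltName": (("DNS", "guest.example.net"),
                                      ("DNS", "192.0.2.1"))}

if __name__ == "__main__":
    for label, cert in (("hostname only", HOSTNAME_ONLY),
                        ("hostname + IP SAN", HOSTNAME_AND_IP),
                        ("IP typed as DNS SAN", IP_TYPED_AS_DNS)):
        print(label, url_matches_cert("https://192.0.2.1/login.html", cert))
```
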

VIP Purple

Glad to see you get it working.

Regards

Rasika
