Cisco Support Community

New Member

Can a single SSL certificate be used for webauth in both primary and backup WLCs?

Hi,

One of our customers has two 5508 WLCs working in the same mobility group, and APs are distributed among them. They want to implement a Verisign-signed certificate on the webauth splash page, so guest users do not get a certificate warning when they connect (they require https to protect the username and password being sent).

Both controllers use the same virtual IP address 1.1.1.1 but have different names. Can a single CSR be generated for this and installed on both WLCs?

Thanks and Regards

6 REPLIES
Silver

Can a single SSL certificate be used for webauth in both primary

Yes it can, but verify with Verisign that there isn't something in the agreement when you order limiting you to a single device. There is no "blocking" mechanism that would stop it from working, but they may have some terminology in their agreements that would cause issues.

Hall of Fame Super Silver

Re: Can a single SSL certificate be used for webauth in both pri

I have done it with Verisign certificates in the past with no issue... Well at least last year. I do it all the time with other cert vendors.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Can a single SSL certificate be used for webauth in both primary

Thanks for the replies. Don't you need to specify the WLC hostname when you generate the CSR?

Also, they are not using DNS entry for the virtual interface. Do they need to add it?

Hall of Fame Super Silver

Re: Can a single SSL certificate be used for webauth in both pri

You don't need to use the hostname. Give it something like guestwireless.domain.com or wireless.domain.com. That FQDN needs to be entered in the VIP, and DNS has to be able to resolve the FQDN to the VIP. So if it's for guest users, the DNS the guest users obtain from DHCP, that DNS needs to have the DNS record.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
Silver

Can a single SSL certificate be used for webauth in both primary

You specify the domain name that you enter on the virtual interface for the CSR.

Yes, they have to use the DNS name entry; otherwise the WLC will redirect to the IP instead of the name.

Cisco Employee

Can a single SSL certificate be used for webauth in both primary

The certificate is issued to an FQDN or hostname and not to an IP or infrastructure; you should be able to upload the same cert to multiple WLCs.
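
An added example, not part of any reply in this thread: generating one key and one CSR with OpenSSL for the FQDN configured on the virtual interface, then checking the CSR before it goes to the CA, so the same signed certificate and key can be loaded on both controllers. The FQDN is the placeholder used in the reply above; the `/C=US/O=Example Org` subject fields, the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): one key + one CSR for the FQDN that is
# entered on the WLC virtual interface. The signed certificate and this key
# are then installed on every controller that shares that virtual interface.

# make_csr FQDN OUTDIR: writes OUTDIR/webauth.key and OUTDIR/webauth.csr
# Subject fields other than CN are assumed sample values.
make_csr() {
    fqdn=$1; out=$2
    mkdir -p "$out" || return 1
    ( umask 077   # private key readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$out/webauth.key" -out "$out/webauth.csr" \
          -subj "/C=US/O=Example Org/CN=$fqdn" 2>/dev/null )
}

# csr_cn CSR: print the Common Name carried in the request, so it can be
# compared with the DNS name set on the virtual interface.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# csr_matches_key CSR KEY: succeed only if the CSR was produced from KEY.
# Compares SHA-256 digests of the DER-encoded public keys.
csr_matches_key() {
    a=$(openssl req -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256)
    b=$(openssl pkey -in "$2" -pubout -outform DER | openssl dgst -sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```
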
