I have a few questions about certificates as I am debating on purchasing a 3rd party certificate for webauth clients. I'm running WCS 184.108.40.206 and my 4404's are on 220.127.116.11.
1. Which type of certificate is preferred, between self-signed and 3rd party (VeriSign, RapidSSL, etc.)? Which works better and is easier to set up between the two types?
2. Does the CN need to be the virtual interface's DNS hostname, or can it be the actual virtual address (18.104.22.168)?
3. If it needs to be DNS, does the CN have to be 'hostname.domain.com' or just 'hostname'?
4. Does the DNS name for the virtual interface need to be registered and active on the DNS servers?
5. If self-signed certificates are preferred, how do I change the parameters (i.e., the CN) of the certificate on the controllers to remove the error messages of 'invalid hostname' by putting in a valid one?
6. Will having a valid certificate affect any other WLAN/SSID in some way (that don't have webauth)?
However, I still need to know the answers to at least questions 2,3,4 and 5 before I use self-signed certificates without the popup saying the certificates are invalid.
I already have self-signed running for my webauth SSID but I want to get rid of the error, hence the questions. The main reason is that this is a campus environment, so I do not have access to the client laptops; many students use their own.
Based on the advice to 'not go there' regarding configuring the CN of a self-signed cert, I've decided to go with 3rd party.
Now a new question surfaced once I started looking into where to get one. Am I looking for a root cert or an intermediate? I'm pretty sure it's root that I'm looking for but a little extra confirmation wouldn't hurt.
To be honest, I don't know what they're called : )
Having said that, I get my certs from www.rapidssl.com. All you need do is generate a Certificate Signing Request, go to the web site and work through the submission and order process, pasting in your CSR when prompted. At the end of it you'll get an email with your certificate enclosed. After that the final step is to install the cert on your box. The corresponding root cert is built into Windows so no need for any installations on any client devices.
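
The CSR step described in the last post, as an added example that is not part of the original thread: it generates a key and CSR with the OpenSSL command line, then checks the CN and the key/CSR pairing before anything is pasted into the CA's order form. The hostname `wlc-webauth.example.edu`, the file names and the function names are placeholders, and the rule that the CN must be a fully qualified DNS name is an assumption of this example, not something the thread settles.

```shell
#!/bin/sh
# Added example, not from the thread. Hostname and file names are placeholders.

# Refuse names a public CA is unlikely to accept as a CN: bare hostnames and
# IP literals (assumption of this example; the thread does not settle it).
is_fqdn() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|*..*|.*|*.) return 1 ;;
    esac
    case "$1" in *.*) ;; *) return 1 ;; esac            # needs a domain part
    case "${1##*.}" in *[!0-9]*) ;; *) return 1 ;; esac # last label not numeric
}

# make_csr FQDN DIR: new 2048-bit RSA key plus a CSR with CN=FQDN.
make_csr() {
    is_fqdn "$1" || { echo "not an FQDN: $1" >&2; return 2; }
    ( umask 077   # private key readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$2/webauth.key" -out "$2/webauth.csr" \
          -subj "/CN=$1" 2>/dev/null ) || return 1
}

# Print the CN actually encoded in the CSR (the name the CA will sign).
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the CSR carries the public half of the given private key.
key_matches_csr() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo run with a constructed hostname.
out=$(mktemp -d)
if make_csr wlc-webauth.example.edu "$out"; then
    echo "CN in CSR: $(csr_cn "$out/webauth.csr")"
    key_matches_csr "$out/webauth.key" "$out/webauth.csr" && echo "key matches CSR"
fi
```

Keep `webauth.key` with the CSR it was generated for: the certificate the CA mails back is only usable together with that private key.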