Cisco Support Community
New Member

Cisco Nac guest server and WLC certificate client issue

Hi all,

We've successfully managed to install our Cisco NAC guest server and a 4402 controller in the DMZ. All working apart from RADIUS issues. However, when a client connects to the wireless LAN they get certificate errors.

The client tries to go to a web page and is redirected to the following URL, which is coming back from the controller: hxxps://1.1.1.1/login.html?redirect=cisco.com/. The browser displays an error, "There is a problem with this website's security certificate". The client has to click on "Continue to this website (not recommended)" to continue.

The browser then displays the same certificate error, but this time the URL is from our NAC guest server. Again, clicking on "Continue to this website (not recommended)" to continue solves the issue and the client is redirected to the splash page.

How can I ensure these 2 pages are not presented to the user?

Thanks

3 REPLIES
Hall of Fame Super Silver

Re: Cisco Nac guest server and WLC certificate client issue

Well, you will need to use a 3rd party certificate. Here is a link to generate and install a 3rd party certificate on the WLC for use with Web-Auth:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

Here is a link for the NGS:

http://tools.cisco.com/search/display?url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fdocs%2Fsecurity%2Fnac%2Fappliance%2Fconfiguration_guide%2F410%2Fcas%2Fcas41ug.pdf&pos=1&strqueryid=2&websessionid=RK88fQNWy8TCDUakpNGLOqZ

The appliances are using a self-generated Cisco certificate, which of course is not in the trusted certificate store of most operating systems. So using a 3rd party certificate like RapidSSL, Verisign, etc. will eliminate the certificate issue.

-Scott
*** Please rate helpful posts ***
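The trust failure described in the reply above, reproduced offline as an added example (not part of the original post): a self-signed certificate fails chain verification, while one issued by a CA in the trust bundle passes. File names, host names and the demo CA are constructed, and the script assumes the `openssl` CLI is installed.

```bash
#!/usr/bin/env bash
# Added example. All certificates below are generated locally for the demo.

# classify_cert CERT [CA_BUNDLE]
# Prints: trusted | self-signed | untrusted-issuer
# Without CA_BUNDLE, openssl falls back to the system trust store.
classify_cert() {
    cert=$1; ca=${2:-}
    # Chain check, comparable to what a browser does against its trust store.
    if openssl verify ${ca:+-CAfile "$ca"} "$cert" >/dev/null 2>&1; then
        echo trusted; return 0
    fi
    # Verification failed: identical subject and issuer means the cert signed itself.
    subj=$(openssl x509 -in "$cert" -noout -subject_hash) || return 2
    iss=$(openssl x509 -in "$cert" -noout -issuer_hash) || return 2
    if [ "$subj" = "$iss" ]; then echo self-signed; else echo untrusted-issuer; fi
}

# make_demo_certs DIR: build constructed sample certificates in DIR.
make_demo_certs() {
    d=$1
    # Stand-in for an appliance's self-generated certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=wlc.example.test" \
        -keyout "$d/appliance.key" -out "$d/appliance.pem" 2>/dev/null
    # Stand-in for a third-party CA and a certificate it issues.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=guest.example.test" \
        -keyout "$d/issued.key" -out "$d/issued.csr" 2>/dev/null
    openssl x509 -req -in "$d/issued.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/issued.pem" 2>/dev/null
}

# Run with --demo to see both outcomes side by side.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_demo_certs "$tmp"
    echo "appliance.pem: $(classify_cert "$tmp/appliance.pem" "$tmp/ca.pem")"  # self-signed
    echo "issued.pem:    $(classify_cert "$tmp/issued.pem" "$tmp/ca.pem")"     # trusted
    rm -rf "$tmp"
fi
```

To check a real certificate, export it as PEM and call `classify_cert` on it with no bundle argument so the system trust store is used.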
New Member

Re: Cisco Nac guest server and WLC certificate client issue

Thanks for the info. I'll approach our purchasing team to find all the pricing info. Can I just use http instead and not https on the NAC guest server and DMZ WLC, or do I have to present a cert to the client? It doesn't have to be https. Can I use http only? The browser won't whine then.

Thanks

Hall of Fame Super Silver

Re: Cisco Nac guest server and WLC certificate client issue

Yeah you can disable https so you won't get the certificate issue if you want, but to spend a couple hundred bucks for a 3-5 year RapidSSL cert isn't bad either.

-Scott
*** Please rate helpful posts ***