We recently applied a 3rd party SSL certificate to our 5508 (running 18.104.22.168) to be used for guest web authentication. It's working, however Mac clients are getting invalid certificate messages. This seems to be due to Mac’s default behavior to use OCSP to validate certificates.. Disabling OCSP via the Keychain causes the cert error to go away. I’m wondering if there is any WLC setting that allows OCSP through the captive portal. Thanks for your assistance.
I have good experience with WLC and I never heard anything about configuring WLC to support OSCP.
IMHO the issue with the client not with WLC. If you debug traffic (or capture packets) you will probably find that the Mac device is the party that stops responding (or responds with reject) at some point.
You need to look at the Mac side to be compatible with WLC not the other way.
Sent from Cisco Technical Support iPad App
Rating useful replies is more useful than saying "Thank you"