Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Same WebAuth cert for all WLCs 1.1.1.1???

It's fuzzy, but I seem to recall reading somewhere that I can use the same public CA cert on all WLCs for guest WebAuth, assuming the following:

All WLCs virtual IPs are 1.1.1.1

FQDN abc.mycompany.com resolves to 1.1.1.1 in my DNS provided to guests by DHCP

CN in public cert=abc.mycompany.com

Can I use the same public CA cert on all WLCs for guest WebAuth?

Do I have to chain imtermediate and/or WLC specific certs onto each WLC as well?

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions

Same WebAuth cert for all WLCs 1.1.1.1???

Yes, so long as the Virtual interface matches, both the IP and the dns name, you can use the same certificate across all the WLC in your network.

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
3 REPLIES

Same WebAuth cert for all WLCs 1.1.1.1???

Yes, so long as the Virtual interface matches, both the IP and the dns name, you can use the same certificate across all the WLC in your network.

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

Same WebAuth cert for all WLCs 1.1.1.1???

Yup, just cant use them for HTTPS logon into the controllers. But as Steve points out, you can reuse that cert on all the WLCs so long as it pointing to the right VIP on the WLC and its resolving on the DNS.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

Same WebAuth cert for all WLCs 1.1.1.1???

Thanks to Stephen & George!

Some day I'll get internal certs for web admin of the WLCs.  Right now I need to by-pass NAC/Guest Server to provide instant Internet gratification. 

254
Views
0
Helpful
3
Replies
CreatePlease to create content