Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SSL certificate for internal web authentication

We have Cisco WCS and two Cisco 2006 controllers running software version 4.0.206

The guest WLAN is configured for internal web authentication.

The redirect url for internal web auth is https://1.1.1.1/login.html which I think is impossible to edit in this version. My virtual ip is obviously 1.1.1.1 for both controllers.

I want to get rid of the security warning for the SSL certificate used by the guest login page.

Q1: How can I order a certificate that matches the host name 1.1.1.1 in the url ?

Q2: Do I need two different certificates for my two controllers ?

4 REPLIES
Silver

Re: SSL certificate for internal web authentication

Users are prompted to accept the certificate from the WLC because the clients do not have a trusted root certificate for the certificate that is installed on the WLC. The SSL certificate on the WLC is not in the list of certificates that the client system trusts. There are two ways to stop the generation of this web-browser security alert popup window:

a) Use the self-signed SSL certificate on the WLC and configure the client stations to accept the certificate

b) Generate a CSR and install a certificate that is signed by a source (a third-party CA) for which the clients already have the trusted root certificates installed. For more information on this read http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

New Member

Re: SSL certificate for internal web authentication

Thank you. It was the host name field in virtual interface configuration I was missing.

I Guess this means I can use the same certificate for both controllers in the system.

New Member

Re: SSL certificate for internal web authentication

When you generate certificates for the controllers you have to supply the hostnames also - for example, Controller1 and Controller2.

For an authenticating client, controller's Virtual IP address and hostnames do not matter. The only thing that matters is the Trusted Authority that signed controllers certificate.

New Member

Re: SSL certificate for internal web authentication

I think the client also checks that the host name of the url matches the host name of the certificate. For instance, IE 7 will say,"The security certificate presented by this website was issued for a different website's address."

Am I wrong ?

How is this handled by WLC web authentication, if the url is https://1.1.1.1/login.html ?

1358
Views
0
Helpful
4
Replies