Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Third-Party Cert problem

WLC 4402 - 4.2.130.0

I have generated a CSR and received a certificate from GlobalSign. Has followed the instructions in "certificate signing Request Generation for a Third-Party ......"(DOcID 70584) , and uploaded the certificate to the WLC.

But still, when a user tries to log on to the portal(https://1.1.1.1/login.html), they get a sertificate error: "The adress does not match....."

The dnsname for our controller is: wlan-controller-1.xxxxxxxxx.xx

Any tips on how I can solve this ?

Regards

JF

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Third-Party Cert problem

had the same problem with a globalsign cert - problem is with your WLC software rev. the doc you referred to states:

WLC software versions prior to 5.1.151.0 do not support chained certificates. The workaround is to use one of these options:

Acquire an unchained certificate from the CA (which means that the signing root is trusted).

Have all valid intermediate CA root certificates (trusted or untrusted) installed on the client.

with WLC v5.1 we installed chained globalsign cert and the cert works fine.

cheers

andy

5 REPLIES

Re: Third-Party Cert problem

Make sure that the name you put in "DNS name" under the virtual interface is resolvable in the DNS server you are providing the end user. If you are only providing external DNS servers, then you are probably not going to get this to work, as an ISP usually won't update their DNS for this.

HTH,

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: Third-Party Cert problem

Ok thanks but it did not help.

The virtual interface has ip : 1.1.1.1

dns : wlan-controller-1.xxxxx.xx

Tried also to update our DNS-server with the adress 1.1.1.1.

JF

Re: Third-Party Cert problem

the other thing to check, is that the CA that issued the certificate is in the CA store on the client. If you open a MMC and add the snapin for Certificates, local machine should be fine, make sure it's in the list of Root CA

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

Re: Third-Party Cert problem

had the same problem with a globalsign cert - problem is with your WLC software rev. the doc you referred to states:

WLC software versions prior to 5.1.151.0 do not support chained certificates. The workaround is to use one of these options:

Acquire an unchained certificate from the CA (which means that the signing root is trusted).

Have all valid intermediate CA root certificates (trusted or untrusted) installed on the client.

with WLC v5.1 we installed chained globalsign cert and the cert works fine.

cheers

andy

New Member

Re: Third-Party Cert problem

Ahhh, did'nt see that.

Thanks a lot.

Regards

JF

671
Views
0
Helpful
5
Replies
CreatePlease to create content