When a guest user first connects to the internet via my controller, the guest gets prompted for a web authentication certificate and I was wondering if there was a way to get that to stop. I am doing external web authentication and I don't want that to be a step for them on the way to the internet.
I wonder if the prompting your guests get is actually a notification of a certificate error. This error is because the SSL certificate is issued by the controller itself which is not in the guest's PC's root certificate database.
It's a bad idea to teach users to ignore certificate errors and the only way to stop this is to turn off HTTPS which turns it off even for management access to the controller.
I am having this issue as well and Cisco told me they may allow web authentication to be done with HTTP while still retaining HTTPS for management.
That's a workaround for the short term but I don't think it is a good idea to have the authentication information travelling in the clear either.
I want to see if Verisign or some other valid certificate issuing company can provide us with a 22.214.171.124 (or whatever your virtual address is) certifcate that we can use. If that works it would be nice if Cisco included this certificate with the product.