Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WLC 5500 Web Auth - Certificate Error

Hello,

SSL Certificate Error received before and after Web Auth banner page when users try to access the Internet.

 

Is there a way to change the WebAuth to use http instead of https ?

 

 

  • Security and Network Management
11 REPLIES

If you are running 7.2 or

If you are running 7.2 or newer code you can do it very simply. You just need to issue the command:

config network web-auth secureweb disable

HTH,

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

 We have version 7.0.116.0.

 

We have version 7.0.116.0.

 

Is that command to disable WebAuth  ?

 

We need the banner pager for logging purposes but don't want to get SSL Security messages.

 

As WebAuth use https thought it may be easier to use http instead ?

 

Jay

No, it doesn't disable

No, it doesn't disable webauth, it just stops it from needing to use HTTPS.

 

For 7.0 you need to disable HTTPS for management totally.

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/115951-web-auth-wlc-guide-00.html#httpnots

 

But I would just upgrade to newer code if your AP's will support being there.

 

HTH,

Steve

 

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

 Sorry what is the issue if I

 

Sorry what is the issue if I don't upgrade ?   will APs issue another error ?

I have never done the upgrade so not sure if its quick or needs a lot of work.

 

 

Thanks

if you don't upgrade, the

if you don't upgrade, the management of the WLC will not be SSL encrypted. Some people don't want the management unencrypted.

 

And 7.0.116 is pretty old as well.  Take a look at the release notes for 7.4 code and see if you like the features/bug fixes.

 

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

 Ok great many thanks !

 

Ok great many thanks !

The client's don't need to

The client's don't need to download the certificate. they need to have a trust of the root authority that issues it. So if you use a well known authority, they should have that trust by default

 

HTH,

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

 We have client users roaming

 

We have client users roaming to UK from US and other countries using our WiFI how do you determine the well known authority ?       We cant check every device so was not sure which certificate to go for ?.

 

 

I've not heard that it

I've not heard that it matters country to country. more of an OS thing.

But if you stick with Verisign, Thawte, even GoDaddy now a days you should be fine.

 

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
203
Views
5
Helpful
11
Replies