
Unable to access 5508 GUI with Google Chrome after upgrading to 7.5-"SSL Connection Error"

     

    Introduction

    Unable to access 5508 controller GUI with Google Chrome after upgrading to 7.5.102.0 - "SSL Connection Error".

    Problem Category

    Wireless

    Problem Subcategory

    Cisco Wireless LAN Controller (WLC)

    Software

    version 7.5.102.0

    Hardware

    Wireless LAN Controller 5508

    Problem Description

    User upgraded 5508 to 7.5.102.0 the other day and now can't access the GUI using Google Chrome. I get a page saying "SSL connection error".

    It works fine with Internet Explorer and Firefox. The final Wireshark packet in the Chrome trace says "Handshake Failure". Have upgraded Chrome and tried with different laptops with the same result. I have also upgraded our lab controller (also a 5508) and that's the same.

    Another user also reported: "when I upgraded my Google Chrome! I had v7.5 running fine until I upgraded my browser". I think that Chrome has corrupted information that has to be removed, but where to remove it is the question.

    One more user faced the same problem too. Additionally, the Guest Wireless portal is also not working for Google Chrome clients after upgrading to 7.5.102.0. Looking for a permanent fix without asking users to change the browser (in the guest scenario it is not possible to do this, and most Android devices come with Chrome as the default browser).

    Solution

    This is being investigated.

    Chrome 29 adds TLS 1.2 support, and the WLC is selecting a cipher suite over TLS 1.0 that apparently breaks the client.

    Try this workaround for now.

    config network secureweb cipher-option rc4-preference enable

    Save and reboot required.

    More Information

    The Chrome browser, when upgraded to version 29, may be unable to access the PI and WLC GUIs. The problem is fixed in PI 2.0; patches are available for earlier versions.  The problem affects the WLC running AireOS 7.5, and will be fixed in 7.6; a workaround is to configure "config network secureweb cipher-option rc4-preference enable" and reboot.


    Enabling Web and Secure Web Modes (CLI)

    Step 1 To enable or disable web mode, enter this command:

    config network webmode {enable | disable}

    This command allows users to access the controller GUI using "http://ip-address." The default value is disabled. Web mode is not a secure connection.

    Step 2 To enable or disable secure web mode, enter this command:

    config network secureweb {enable | disable}

    This command allows users to access the controller GUI using "https://ip-address." The default value is enabled. Secure web mode is a secure connection.

    Step 3 To enable or disable secure web mode with increased security, enter this command:

    config network secureweb cipher-option high {enable | disable}

    This command allows users to access the controller GUI using "https://ip-address" but only from browsers that support 128-bit (or larger) ciphers. The default value is disabled.

    Step 4 To enable or disable SSLv2 for web administration, enter this command:

    config network secureweb cipher-option sslv2 {enable | disable}

    If you disable SSLv2, users cannot connect using a browser configured with SSLv2 only. They must use a browser that is configured to use a more secure protocol such as SSLv3 or later. The default value is enabled.

    Step 5 To verify that the controller has generated a certificate, enter this command:

    show certificate summary

    Information similar to the following appears:

    Web Administration Certificate................. Locally Generated
    Web Authentication Certificate................. Locally Generated
    Certificate compatibility mode:................ off

     

    Note: If you want to download your own SSL certificate to the controller, follow the instructions in the "Loading an Externally Generated SSL Certificate" section.

    Step 6 (Optional) If you need to generate a new certificate, enter this command:

    config certificate generate webadmin

    After a few seconds, the controller verifies that the certificate has been generated.

    Step 7 To save the SSL certificate, key, and secure web password to nonvolatile RAM (NVRAM) so that your changes are retained across reboots, enter this command:

    save config

    Step 8 To reboot the controller, enter this command:

    reset system
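
An added example (not part of the Cisco document): a small Python audit that takes the `config network ...` commands from Steps 1 to 4 and the workaround above, applies them over the defaults stated in those steps, and reports which weak web-management settings are in effect. The sample command list is constructed, and how the commands are exported from a controller is left as an assumption.

```python
import re

# Defaults as stated in Steps 1-4 above. The page gives no default for
# rc4-preference, so it stays None (unknown) unless a command sets it.
DEFAULTS = {"webmode": False, "secureweb": True, "high": False,
            "sslv2": True, "rc4-preference": None}

CMD = re.compile(
    r"^config network (?:(webmode|secureweb)"
    r"|secureweb cipher-option (high|sslv2|rc4-preference)) (enable|disable)$")

def effective_settings(lines):
    """Apply commands in order on top of the defaults; the last one wins."""
    state = dict(DEFAULTS)
    for raw in lines:
        m = CMD.match(" ".join(raw.split()))  # normalise whitespace
        if m:
            state[m.group(1) or m.group(2)] = m.group(3) == "enable"
    return state

def audit(lines):
    """Return findings for the web-management settings in effect."""
    s, findings = effective_settings(lines), []
    if s["webmode"]:
        findings.append("webmode enabled: GUI reachable over plain HTTP")
    if s["secureweb"]:
        if s["sslv2"]:
            findings.append("sslv2 enabled: SSLv2-only browsers can connect")
        if not s["high"]:
            findings.append("cipher-option high disabled: ciphers under 128 bits allowed")
        if s["rc4-preference"]:
            # RC4 cipher suites are prohibited in TLS by RFC 7465.
            findings.append("rc4-preference enabled: Chrome 29 workaround "
                            "still active, revisit once on a fixed release")
    return findings

# Constructed sample input, not captured from a real controller.
SAMPLE = """\
config network webmode enable
config network secureweb cipher-option high enable
config network secureweb cipher-option rc4-preference enable
config network webmode disable
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE.splitlines()):
        print(finding)
```
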

    Reference

    This document was generated from the following discussion: Google Chrome with 7.5.102.0

    WLC2504 no GUI after upgrade to 7.5.102

    Cisco Bug - Cannot open WLC GUI in Chrome-29 with 'https'

    Cisco Bug - PI: Chrome upgrade to Version 29.0.1547.57 m causes error