https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971279#M68714 <HTML><HEAD></HEAD><BODY><P>The problem is that Verisign gave you a chained cert. They will stop issuing root unchained certs in the end of September. So your best bet is to go with RapidSSL or if you really want a Verisign cert, is to call them and request one. They will tell you that they will no longer support it in the future. </P><P></P><P>The WLC doesn't support any chained certs only root CA unchained certs.</P><P></P><P>Hope this helps.</P></BODY></HTML> Tue, 01 Jul 2008 10:26:38 GMT Scott Fella 2008-07-01T10:26:38Z https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971278#M68713 <P>I'm running an WLAN with a pair of ACS3.3(2) servers and 1200 series APs. I use AES encryption and Peap MS-chap authentication.</P><P>Everything was running fine until I renewed the SSL cert for the two servers. After the new cert was installed a large number of clients could not connect. A workaround was to check the option "Allow intermediate certificates" on the client. Some clients don't even have this option and I didn't want to have to reconfigure all the clients (in the 1000s) unless absolutely necessary as most don't have SMS yet. I ended up installing a certificate without an intermediate CA from RapidSSL and it works as before. </P><P></P><P>I had a TAC case open but this only came to the conclusion that the new certificate was the problem. </P><P></P><P>Has anyone else got this working or is this unsupported?</P><P></P><P></P> Sat, 03 Jul 2021 23:06:06 GMT https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971278#M68713 patrickdonlon 2021-07-03T23:06:06Z https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971279#M68714 <HTML><HEAD></HEAD><BODY><P>The problem is that Verisign gave you a chained cert. They will stop issuing root unchained certs in the end of September. So your best bet is to go with RapidSSL or if you really want a Verisign cert, is to call them and request one. They will tell you that they will no longer support it in the future. </P><P></P><P>The WLC doesn't support any chained certs only root CA unchained certs.</P><P></P><P>Hope this helps.</P></BODY></HTML> Tue, 01 Jul 2008 10:26:38 GMT https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971279#M68714 Scott Fella 2008-07-01T10:26:38Z https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971280#M68715 <HTML><HEAD></HEAD><BODY><P>I got in touch with Verisign and have now been issued with unchained certs. They also said end of Sept is when they stop doing this.</P><P></P><P>I wonder if Cisco is working on integrating this into the WLC? </P></BODY></HTML> Mon, 07 Jul 2008 07:12:43 GMT https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971280#M68715 patrickdonlon 2008-07-07T07:12:43Z https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971281#M68716 <HTML><HEAD></HEAD><BODY><P>The only thing with this is that the wlc has to be able to look up and verify the chained cert. So far, I haven't heard that they will support this since you can get unchained root certs.</P></BODY></HTML> Mon, 07 Jul 2008 10:10:19 GMT https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971281#M68716 Scott Fella 2008-07-07T10:10:19Z https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971282#M68717 <HTML><HEAD></HEAD><BODY><P>I have solved one problem and it seems created even more. The XP clients in more than one country can't authenticate unless they uncheck the validate certificate option. </P><P></P><P>Does this mean the cert is not correctly installed on the ACS server?</P><P></P><P>I've been sent screen shots of the client config and they would accept a cert when it was configured. Is this normal or is again a server issue?</P><P></P></BODY></HTML> Tue, 08 Jul 2008 18:56:13 GMT https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971282#M68717 patrickdonlon 2008-07-08T18:56:13Z https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971283#M68718 <HTML><HEAD></HEAD><BODY><P>No... check the client side, they might have to check one of the the Trusted Root Certification Authorities.</P></BODY></HTML> Tue, 08 Jul 2008 19:52:48 GMT https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971283#M68718 Scott Fella 2008-07-08T19:52:48Z https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971284#M68719 <HTML><HEAD></HEAD><BODY><P>Just thought I'd follow up on this one, it turned out the Rapid SSL wasn't trusted on the clients, probably as it was a month trial. The Verisign unchained cert fixed the last of the problems,</P><P>Thanks</P><P>Patrick</P></BODY></HTML> Tue, 15 Jul 2008 13:49:51 GMT https://community.cisco.com/t5/wireless/ssl-problems-with-verisign-certificates/m-p/971284#M68719 patrickdonlon 2008-07-15T13:49:51Z