
SSID certificate error with 802.1x WLC C9800-CL

Electronic20
Spotlight

Hi Community:

I have an SSID "SURA-PERU" configured on a WLC C9800-CL integrated with ISE. When users connect with devices running Windows, there is no certificate problem.

But when a user connects with a Mac device, a certificate warning comes up, and it comes up on behalf of the ISE server. I show the image.

Electronic20_0-1696105491102.png

How can I stop the WLC C9800-CL from showing that message? It shows the name of the ISE server, and for security reasons it should not be shown.

Your kind support

 

 

7 REPLIES

balaji.bandi
Hall of Fame

Is this cert signed by a valid CA or an internal CA? (If it is an internal CA you get this warning. Since it is not in English, I don't know what the warning message says.)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi @balaji.bandi 

We simply need the message not to be shown on Mac equipment. Would there be a configuration option on the C9800-CL WLC so that this message is not displayed?

The root cert needs to be trusted by the end device.

 

BB


This message is displayed if the ISE certificate is not trusted by the client device. In this case the user has to make a decision if it is right to trust it. For this decision the user has to see which certificate is presented. So it is important to show this information.

And because a user typically can't judge whether it is OK to accept a certificate warning, the better way would be to make sure that the user never sees a warning like this. For example, by pushing a supplicant config via MDM, similar to what you do for your Windows PCs with a GPO.

Hi @Karsten Iwen 

Thanks for the alternative solution.

But will there be an option in the configuration of the WLC C9800-CL so that it does not show that message on MAC devices?

The WLC has nothing to do with this. What you are basically asking for is that an attacker should have the possibility to tell the browser not to show a certificate warning when he spoofs the banking website that you are accessing. Make sure that the ISE’s certificate is trusted for .1X and you are good.

Dot1xProfile from ermitacode can help you build supplicant profiles for Mac Users if there is no MDM:

https://www.ermitacode.com/dot1xprofile/
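
What such a supplicant profile contains, as an added example (not from the thread's participants or from Dot1xProfile): a Python script that builds an Apple configuration profile which installs the CA that issued the ISE certificate and pins the SSID's EAP trust to it. The PEAP EAP type, the `com.example.dot1x` identifier and the server names passed in are assumptions; the CA certificate is supplied by the caller as DER bytes.

```python
import plistlib
import uuid


def _uuid():
    return str(uuid.uuid4()).upper()


def build_dot1x_profile(ssid, ca_der, server_names, org_id="com.example.dot1x"):
    """Build an Apple configuration profile (as a dict) that installs the CA
    that issued the RADIUS/ISE certificate and pins 802.1X trust to it."""
    ca_uuid = _uuid()
    ca_payload = {
        "PayloadType": "com.apple.security.root",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id + ".ca",  # hypothetical identifier
        "PayloadUUID": ca_uuid,
        "PayloadDisplayName": "802.1X root CA",
        "PayloadContent": ca_der,  # DER bytes, serialized as <data>
    }
    wifi_payload = {
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id + ".wifi",
        "PayloadUUID": _uuid(),
        "PayloadDisplayName": "Wi-Fi " + ssid,
        "SSID_STR": ssid,
        "EncryptionType": "WPA2",
        "AutoJoin": True,
        "EAPClientConfiguration": {
            "AcceptEAPTypes": [25],  # 25 = PEAP (assumed; 13 = EAP-TLS)
            "PayloadCertificateAnchorUUID": [ca_uuid],  # trust only this CA
            "TLSTrustedServerNames": list(server_names),  # expected cert names
            "TLSAllowTrustExceptions": False,  # no "trust anyway" prompt
        },
    }
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id,
        "PayloadUUID": _uuid(),
        "PayloadDisplayName": "802.1X Wi-Fi " + ssid,
        "PayloadContent": [ca_payload, wifi_payload],
    }


def to_mobileconfig(profile):
    """Serialize the profile dict to XML plist bytes (.mobileconfig)."""
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)
```

With the anchor CA and server names in place, the Mac validates the ISE certificate silently, and a server presenting a certificate from another CA or under another name is rejected instead of prompting the user.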