Internal Splash Page Certificate on AIR-AP1832I

Amrich
Level 1

Hello All,

 

I deployed a wireless network on AIR-AP1832I-R-K9, firmware version 8.7.102.0, in Mobility Express mode.

When users log on, they go to the internal authentication page to enter their login and password.

What certificate should be used for this page, and should it be additionally specified in the WLAN settings?


In the documentation I found a description of how to add certificates, but I did not find any description or purpose.

 

I will be grateful for the help, or the link to the necessary manual.

2 Accepted Solutions

Accepted Solutions

You generate the certificate the same way you generate any web server certificate from a public certificate provider (e.g. Digicert).
Regarding how to update it, I've never worked with ME, so I'm not sure, but these are instructions for a regular WLC, so I'd expect it to be similar if supported at all (maybe you have no choice but to use the built-in self-signed cert on ME?):
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html#anc14
Regards
Rich


Hi Amrich,

 

Try using this command on the WLC CLI to create a hostname for the virtual IP address. A reboot will be required.

 

config interface hostname virtual <URL.domain>

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)


9 Replies

patoberli
VIP Alumni
First of all, upgrade to 8.8.120.0. The 8.7 version has a LOT of bugs.

Regarding the certificate, I'm not sure what you exactly mean. Mobility Express by itself doesn't offer a captive portal to my knowledge, so there is no certificate needed. But if you use an ISE or CMX Connect, then you'd need to install the certificate for those servers on the servers.
More info: https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-8/b_cisco_mobility_express_8_8/b_cisco_mobility_express_8_8_chapter_0110.html

Or do you mean the "Internal Splash Page"? In that case I'm not sure if you can redirect the users to a URL for login instead of an IP address. If a URL is possible, then you need to install a certificate which contains that URL as "Alternative Name" in the certificate. I sadly didn't find documentation on how to do that in detail.

Yes, I'm talking about the "Internal Splash Page".

I attached a screenshot Preview Page and list of certificates offered for download.

How can I generate the necessary certificate?

Thanks. This instruction helped add a certificate.
However, the login and password entry page opens at https://192.0.2.1/login.html. Therefore, I get the error "The certificate of security of this web site is issued for a web site with a different address."
Is it possible to specify the address of this page using the name of my domain?

Thanks

Thanks! It works for me

The ME manual doesn't provide any help, or I couldn't find it.
Based on the list, I suspect it would be an externally generated EAP CA Certificate, but I'm really not sure if it is supported at all.
I suggest you open a TAC.

This instruction helped me: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html#anc14
but I ran into the following problem: the login page opens with the IP address.
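
Added example, not part of any post in this thread and not Cisco code: a check of a web-auth redirect URL against the Subject Alternative Name entries of the installed certificate, showing why https://192.0.2.1/login.html produces the name-mismatch error while a hostname redirect does not. The hostname guest.example.com and the sample SAN list are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def host_matches_san(host, san):
    """Return True if `host` is covered by a subjectAltName list.

    `san` uses the shape of ssl.SSLSocket.getpeercert()["subjectAltName"]:
    (type, value) pairs such as ("DNS", "a.example") or
    ("IP Address", "192.0.2.1").
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal in the URL only matches an IP SAN entry, never a DNS name.
        return any(t == "IP Address" and ipaddress.ip_address(v) == ip
                   for t, v in san)
    host = host.rstrip(".").lower()
    for t, v in san:
        if t != "DNS":
            continue
        pattern = v.rstrip(".").lower()
        if pattern == host:
            return True
        # A wildcard is honoured only as the whole left-most label.
        if pattern.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == pattern[2:]:
                return True
    return False

def check_redirect(url, san):
    """Classify a captive-portal redirect URL against the certificate's SAN."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return "not-https"
    return "ok" if host_matches_san(parts.hostname, san) else "name-mismatch"

# Constructed sample: SAN of a certificate issued for a hostname only.
SAMPLE_SAN = (("DNS", "guest.example.com"),)

if __name__ == "__main__":
    for url in ("https://192.0.2.1/login.html",
                "https://guest.example.com/login.html"):
        print(url, "->", check_redirect(url, SAMPLE_SAN))
```

The hostname given to the virtual interface has to be one of the DNS names in the certificate and has to resolve to the virtual IP for clients on the guest network.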