01-07-2011 05:34 AM
Hello
I have set up an wlc 2125 with local eap auth which I think is working fine for now.
But I dont want it come up a certificate warning when user log in.
Can I stop this from happening without bying a certificate?
Can I turn of https all together?
Trond
Solved! Go to Solution.
01-07-2011 07:03 AM
Thank you Trond,
So here we are talking about web authentication, which does not use local EAP, so not sure whether the local EAP profile is really being triggered for that.
Clients are being prompted with a WLC's self-signed certificate, more or less in the same way as they would be if they tried to login to the WLC via HTTPS.
Similarly, the fastest way would be to install this certificate on the user's machine, so that it can trust it from that moment on.
Or you can generate a certificate signing request for the WLC, submit it to a root CA/buy a root CA signed server certificate (with the root CA trusted by the clients) and then install this certificate on the WLC:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
For web authentication, there is no way to switch to HTTP for the WLC's certificate validation.
Regards,
Fede
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
01-07-2011 05:41 AM
Hi Trond,
Could you please confirm whether you are referring to the server certificate pop-up on the client when doing PEAP authentication?
If so, under the Authentication tab of the wireless card, in the PEAP settings there is a box called "validate server certificate" that you could uncheck.
If you are referring to the certificate's pop-up when trying to login to the WLC, this may be due to the fact that the WLC uses a self-signed certificate that is not yet trusted by the user.
The fastest way would be to install this certificate on the user's machine, so that it can trust it from that moment on.
You can enable/disable HTTP and HTTPS access to the WLC under MANAGEMENT > HTTP-HTTPS
Regards,
Fede
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
01-07-2011 06:48 AM
Hello and thanks for reply.
Its not the logging in to the manager interface.
I dont have set up an radius server yet som I'm using the build in database in the wlc. The users are redirectet to a Cisco like page from the wlc's webserver where they must set in username/password. But before they come to the login page they are warned that this is a unsafe page,, certificate etc.
In our inviroment its uneseserry with https at all so the best would be to not use it, but if not I will problaby have to buy a certificate. Now every wirless user will get this warning.
Trond
01-07-2011 07:03 AM
Thank you Trond,
So here we are talking about web authentication, which does not use local EAP, so not sure whether the local EAP profile is really being triggered for that.
Clients are being prompted with a WLC's self-signed certificate, more or less in the same way as they would be if they tried to login to the WLC via HTTPS.
Similarly, the fastest way would be to install this certificate on the user's machine, so that it can trust it from that moment on.
Or you can generate a certificate signing request for the WLC, submit it to a root CA/buy a root CA signed server certificate (with the root CA trusted by the clients) and then install this certificate on the WLC:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
For web authentication, there is no way to switch to HTTP for the WLC's certificate validation.
Regards,
Fede
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
01-07-2011 07:08 AM
Thanks, then I'l buy a certificate.
01-07-2011 07:13 AM
Thank you Trond, glad that we could help you out with this.
Feel free to ping us back for any further help with this setup if needed.
Regards,
Fede
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: