Beginner

Cisco WLC captive portal with self-signed cert: Android not trusting cert even though installed in trust store

The title pretty much says it all. I have the layer 3 webauth enabled on a Cisco WLC 2504 WLAN with a self-signed SSL cert. I installed the root CA cert in the Android phone under Settings > Biometrics and security > Other security settings > Install from device storage for both "VPN and apps" and "Wi-Fi". When I connect to the Wi-Fi and I get redirected to the captive portal, I get this error:

 

SSL certificate not trusted

The security certificate for this network is not from a trusted authority. We do not recommend that you connect to this network.

Buttons: Cancel / Connect

 

I verified that the certificate was installed okay because if I connect to a different Wi-Fi without the layer 3 webauth and open up Google Chrome and go to a different website that chains up to the same cert I trusted, I see a green lock icon and don't get any certificate warnings.

 

My Android device is a Samsung Galaxy S8 running Android 9, kernel 4.4.153.

VIP Engager

Re: Cisco WLC captive portal with self-signed cert: Android not trusting cert even though installed in trust store

What happens if you open the captive portal site directly in the Chrome browser on the mobile phone? Is the certificate in that case valid?
What IP address have you chosen for the virtual interface on the WLC? It must not be a public one, like 1.1.1.1 (was written in the past in some guides).
Beginner

Re: Cisco WLC captive portal with self-signed cert: Android not trusting cert even though installed in trust store

Hi patoberli,

Thanks for reading my post and for your response. If I go to https://my-configured-hostname.com in a browser, I don't get any warnings.

 

I also changed my virtual IP address from 1.1.1.1 to 192.168.x.x, and the warning is still coming up. Thanks for all the suggestions so far!

VIP Engager

Re: Cisco WLC captive portal with self-signed cert: Android not trusting cert even though installed in trust store

Have you rebooted the WLC afterwards? I think this is needed in this specific case.
Did you open the site while connected to the guest-ssid? That is needed to test this.