09-21-2018 04:26 PM - edited 07-05-2021 09:12 AM
I'm pretty sure that is the case but wanted to confirm. Even if I configure external authentication on a Cisco WLC, I will still need to install a 3rd party SSL cert on the WLC to get rid of the error message? There is no way to do it where the request gets forwarded to an external server and the cert is actually installed on that server and that server handles the user credentials?
Thank you.
09-24-2018 02:19 AM
If you are using something such as ISE when you say "external" authentication then you do not need to install an SSL cert on the WLC.
The trust relationship will be established between ISE and the client although it is the WLC that actually forwards the authentication messages to the ISE server.
If you are attempting to use the internal WLC web authentication page then the SSL cert needs to be on the WLC as this is ultimately where the user is landing.
09-24-2018 07:44 AM
Thank you, I know that part; however, I was trying to see, in case of using a completely different server or a 3rd party server, if the WLC will still require certificates or will it work the same way it works with ISE?
09-24-2018 08:10 AM - edited 09-24-2018 08:10 AM
Hi, yes if you replace ISE with something such as NPS the functionality stays the same. The certification chain would be between the client and the authentication server.
The only time this changes is if you are using local WLC resources for authentication, e.g., local web login or local web redirect using LDAP auth.
Regards
09-30-2018 01:29 PM