cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
589
Views
0
Helpful
4
Replies

External Auth Question

ALIAOF_
Level 6
Level 6

I'm pretty sure that is the case but wanted to confirm.  Even if I configure external authentication on a Cisco WLC I will still need to install a 3r party SSL cert on the WLC to get rid of the error message?  There is not way to do it where the request gets forwarded to an external server and the cert is actually installed on that server and that server handles the user credentials?

 

Thank you.

4 Replies 4

Mikey Boy
Level 1
Level 1

If you are using something such as ISE when you say "external" authentication then you do not need to install an SSL cert on the WLC.

 

The trust relationship will be established between ISE and the client although it is the WLC that actually forwards the authentication messages to the ISE server.

 

If you are attempting to use the internal WLC web authentication page then the SSL cert needs to be on the WLC as this is ultimately where the user is landing. 

Thank you I know that part however I was trying to see in case of using a completely different server or a 3rd party server if the WLC will require certificates still or will it work the same way it works with ISE?

Hi, yes if you replace ISE with something such as NPS the functionality stays the same. The certification chain would be between the client and the authentication server.

 

The only time this changes is if you are using local WLC resources for authentication, eg, local web login or local web redirectn using ldap auth.

 

Regards

Thank you I'll test this out and post back the results.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: