Solved: What is everyone using for a SSL Cert on the Wireless Controller?

WaynePlotkin · ‎05-30-2008

If I use the locally generated SSL cert on my WLC Internet Explorer always shows the "Untrusted cert warning" when users try to authenticate via the web interface. What can I do to resolve this do I need to buy a cert? If so where is the best and cheapest place to do this? GoDaddy???? Also, I purchased one for my mail server and had to specify a domain name during the process. What would I use for my WLC? The URL during the web authentication process show https://1.1.1.1

Scott Fella · ‎05-30-2008

RapidSSL is your best bet. It is less than 90 bucks for 1 year with insurance and renewal. 5 years is like 380 bucks. GoDaddy will not work since they use chained certificates.

On the VIP, you would enter the DNS Domain Name as what you used on the certificate CN when generating a csr. Of course, you will have to resolve the CN name to 1.1.1.1 or change the 1.1.1.1 to another ip address that is not on your network. Reboot the wlc and your done.

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎05-30-2008

RapidSSL is your best bet. It is less than 90 bucks for 1 year with insurance and renewal. 5 years is like 380 bucks. GoDaddy will not work since they use chained certificates.

On the VIP, you would enter the DNS Domain Name as what you used on the certificate CN when generating a csr. Of course, you will have to resolve the CN name to 1.1.1.1 or change the 1.1.1.1 to another ip address that is not on your network. Reboot the wlc and your done.

-Scott
*** Please rate helpful posts ***

jeromehenry_2 · ‎05-30-2008

Another solution is to connect to your controller over a safe connection (local switch) you trust, and install the self signed certificate... You know it's your controller certificate, it's self generated, you trust the link to it so you install it on your PC...

WaynePlotkin · ‎05-30-2008

The post by fella5 solved my problem with getting me the correct SSL Cert and this pdf document on the Cisco website showed me how to convert the cert and install it to the WLC.

http://www.cisco.com/application/pdf/paws/70584/csr_wlc.pdf

Thanks - fella5 you have been extremely helpful to me!

Scott Fella · ‎05-30-2008

Glad to help!

-Scott
*** Please rate helpful posts ***

BRYN JONES · ‎09-01-2008

Hi

We had issues with chained certificates and after pressing Cisco go the following response:

'just had confirmation from the Business Unit that the Chained Certs feature did make the 5.1 release, its just not been documented in the release notes.

These are now being updated, but FYI

5.1 for Web-Auth

5.1 MR1 (Maintenance Release 1) for 802.1X'

Seems that 5.1 WiSM s/w does do chained certs, they just forgot to tell us!

Scott Fella · ‎09-01-2008

5.1 does support chained certs, but the cost of a verisign chained cert was expensive compared to an unchained cert from RapidSSL. So is the installation of the chained cert the same as an unchained, or do you have to add the intermediate CA's?

-Scott
*** Please rate helpful posts ***