The reason you get the certificate security warning is b/c the WLCs have a self-signed certificate that a client's browser will not know about. To deal with that warning, you have a few options:
1. Leave it as is and let the users know that seeing that is OK.
2. Disable HTTPS on the controller - almost no one picks this b/c it is a global change so even admin logins will be unencrypted.
3. Install a valid root or chained certificate on the controller from an Internet CA:
a. Use a root certificate from a CA like Entrust. You would have the certificate issued for whatever DNS name you want to give the virtual interface IP address of the controller. You will also need to have a host entry in the local DNS server for that same name and point to the address of the virtual interface. Under the virtual interface configuration on the controller, you would enter the DNS hostname you set up in local DNS. It needs to be the FQDN. YOU MUST REBOOT for that to take effect.
If you do not wish for the guest users to have access to your internal DNS servers, you could have a Linux or other free DNS server on the guest network and have the guest clients use that for DNS. All that server would require is the A record for the virtual interface and then have it point to your ISP or Internet DNS servers for everything else.
b. Use a chained certificate. This is more work than using a root certificate b/c your final pem file must have all the intermediate certificates in it as well as the certificate issued to you. Other than having multiple certs in the final file, the process is the same as using a root certificate. Please note that only up to level 2 chained certs are supported:
Level 0 - use of only a server certificate on WLC
Level 1 - use of server certificate on WLC and a CA Root Certificate
Level 2 - use of server certificate on WLC, one single CA intermediate certificate and a CA Root Certificate.
Level 3 or higher is not supported
Level 3 - use of server certificate on WLC, two CA intermediate certificates and a CA Root Certificate.