The reason you get the certificate security warning is b/c the WLCs have a self signed certificate that a client's browser will not know about. To deal with that warning, you have a few options:
1. Leave it as is and let the users know that seeing that is OK
2. Disable HTTPs on the controller - almost no one picks this b/c it is a global change so even admin logins will be unencrypted.
3. Install a valid root or chained certificate on the controller from an Internet CA:
a. Use a root certificate from a CA like Entrust. You would have the certificate issued for whatever DNS name you want to give the virtual interface IP address of the controller. You will also need to have a host entry in the local DNS server for that same name and point to the address of the virtual interface. Under the virtual interface configuration on the controller, you would enter the DNS hostname you set up in local DNS. It needs to be the FQDN. YOU MUST REBOOT for that to take effect.
If you do not wish for the guest users to have access to your internal DNS servers, you could have a Linux or other free DNS server on the guest network and have the guest clients use that for DNS. All that server would require is the A record for the virtual interface and then have it point to your ISP or Internet DNS servers for everything else.
b. Use a chained certificate. This is more work than using a root certificate b/c your final pem file must have all the intermediate certificates in it as well as the certificate issued to you. Other than having multiple certs in the final file, the process is the same as using a root certificate. Please note that only up to level 2 chained certs are supported:
Level 0 - use of only a server certificate on WLC
Level 1 - use of server certificate on WLC and a CA Root Certificate
Level 2 - use of server certificate on WLC, one single CA intermediate certificate and a CA Root Certificate.
Level 3 or higher is not supported
Level 3 - use of server certificate on WLC, two CA intermediate certificates and a CA Root Certificate.
Hello, I am in a situation where I need to rename a huge number of APs which wouldn't be feasible from the GUI. I spent a lot of time trying and searching for a how-to but to no avail!The commands listed under 'ap' don't include a rename! Is the...
I work for an MSP and also do sales into some enterprise clients, I have a client with 4x 3602 APs and another 17x 3702 APs ready to be installed.A colleague of his told him he needs a wireless controller now, he wants to know if that is a requirement, or...
Hello everyone! I'm a beginner in the Wireless world and I want to change most AP names in my topoloogy while using Cisco Prime 3.3 (100+ devices). To achieve this I believe I need to: 1) Export a csv with the APs I want to modify.2) Modify thei...
Hi All- A colleague of mine grabbed a 3702i that I have configured as a workgroup bridge and hung it in the ceiling. I can get to it via ssh / http. Any chance I can convert it to capwap in place. Advice on the procedure.would be a...