Cannot Verify Server Identity on Guest WiFi

Hello,

Some of our clients on Apple Devices have switched to a new third party mobile manager known as EMM. Our IT group does not manage this software and some of the phones are getting a "Cannot Verify Server Identity. The identity of "1.1.1.1" cannot be verified by Wi-Fi." Again, this is only happening on some of the phones and I wasn't sure if this was related to the fact that we are not using a trusted third party for our SSL cert. Currently, we are using the internal Cert provided by the WLC itself. Could anyone attest to this being a possible solution? My initial thoughts are yes, but why would only some of the devices be rejecting the guest Wi-Fi?


Freerk Terpstra
Level 7

Based on the "1.1.1.1" IPv4 address I assume you use the guest portal of the WLC itself (WebAuth feature). Do guests need to enter their credentials on this portal or is it just a disclaimer page which they need to accept? If it is a disclaimer, it might be an option to use the "non secure WebAuth" setup which means that the shown webpage/redirect will be just HTTP and not HTTPS.

The more elegant option is to register a FQDN (for example: guests.yourcompany.extension) and arrange a public signed certificate for it which needs to be installed on the WLC. This FQDN needs to be configured on the virtual interface of the WLC so users will be redirected to that instead of the configured IPv4 address. Make sure that the used DNS servers have a record for this FQDN pointing to the configured IPv4 address of the virtual interface of the WLC (in your case 1.1.1.1, best practice is to use 192.0.2.1).

The procedure to get a public certificate installed on the WLC has been documented in detail in this document.

Please rate useful posts... :-)
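The checks implied by the answer above, written out as an added example that is not part of the original thread or of any Cisco tooling: given the redirect host, the virtual interface address, the DNS answers for the FQDN, and the portal certificate, it lists the reasons a client would warn. The certificate dicts use the shape returned by Python's `ssl` `getpeercert()`; the helper names and both sample certificates are constructed, and modelling the controller-generated certificate as self-signed with no matching SAN is an assumption.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _san_matches(host, cert):
    """Match host against subjectAltName entries (DNS names or IP addresses)."""
    for kind, value in cert.get("subjectAltName", ()):
        if _is_ip(host):
            if kind == "IP Address" and ipaddress.ip_address(value) == ipaddress.ip_address(host):
                return True
        elif kind == "DNS":
            pattern, name = value.lower().split("."), host.lower().split(".")
            # A wildcard covers exactly one left-most label.
            if (len(pattern) == len(name) and pattern[1:] == name[1:]
                    and pattern[0] in ("*", name[0])):
                return True
    return False

def portal_findings(redirect_host, virtual_ip, dns_answers, cert):
    """Return the reasons a client would warn about the WebAuth redirect."""
    findings = []
    if _is_ip(redirect_host):
        findings.append("redirect uses an IP address, not an FQDN")
    elif virtual_ip not in dns_answers:
        findings.append("DNS record for the FQDN does not point to the virtual interface")
    if not _san_matches(redirect_host, cert):
        findings.append("certificate does not name the redirect host")
    if cert.get("subject") == cert.get("issuer"):
        findings.append("certificate is self-signed, so clients have no trust anchor")
    return findings

def _dn(cn):
    return ((("commonName", cn),),)

# Constructed sample data (not taken from a real controller).
SELF_SIGNED = {"subject": _dn("wlc.example.internal"),
               "issuer": _dn("wlc.example.internal"), "subjectAltName": ()}
PUBLIC = {"subject": _dn("guests.example.com"), "issuer": _dn("Example Public CA"),
          "subjectAltName": (("DNS", "guests.example.com"),)}

if __name__ == "__main__":
    print(portal_findings("1.1.1.1", "1.1.1.1", [], SELF_SIGNED))
    print(portal_findings("guests.example.com", "192.0.2.1", ["192.0.2.1"], PUBLIC))
```
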
