08-25-2010 10:55 PM - edited 07-03-2021 07:07 PM
Hi All,
There are several different kinds of certificates in the WLC, and I'm a bit confused. Is there any document that summarizes them? For example, can some of the certs share the same cert?
1. HTTPS has an SSL cert (CN=169.254.1.1)
2. Web-Auth has an SSL cert (CN=1.1.1.1)
3. LSC (X.509 cert)
4. IPSec CA cert
5. IPSec ID Cert
I guess 1 and 2 can share the same SSL cert; however, I don't know what the CN should look like when generating the CSR for the CA (Web-Auth should use the virtual gw IP, HTTPS should use the management IP).
Thanks for any input!
09-01-2010 07:02 AM
Hi
We retain the Cisco certificate for use on the HTTPS admin interface.
We install a 3rd party cert for use on our web authentication:
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml
We have the 3rd party cert tied to a hostname, which resolves to 1.1.1.1 currently. As and when someone eventually uses 1.1.1.1 as a publicly routable address, we can just do a quick DNS change and we will be unaffected.
09-01-2010 04:28 PM
Thanks for the info, my friend!
From our field engineer's feedback, the HTTPS cert for admin and the Web-Auth cert can share the same SSL cert. The condition is to create a record in the local DNS server in which one DNS name maps to two IP addresses (Virtual Gateway IP and WLC Management IP), then use this DNS name as the CN to generate the SSL cert. Currently there's no bug or potential risk found. Everything works fine.
As for the other 3 kinds of certs, it seems they can't be shared. LSC is for regenerating the AP/WLC X.509 cert (mutual auth during the join process); I never tested it and don't know how it behaves. The IPSec cert, it seems, can be used in:
1. Radius connection (not tested, don't know which Radius server can support IPSec)
2. Secure Mobility (UDP 16667)
3. VPN termination in WLAN profile (it seems only very old versions support it, 4.0, etc.)
Anyway, it seems a lot of certs are needed; customers are not happy about it since they have to pay more money.