12-20-2012 09:00 AM - edited 07-03-2021 11:15 PM
We have set up a WLC with a specific WLAN and SSID. When we created this WLAN we enabled Web auth with a redirect page. We are also using LDAP to authenticate our users. Now when client machines connect to the SSID it is prompting them for a certificate. The page is pointing to https://1.1.1.1. How can we add a certificate so this message will go away? On the 2504 underneath Security, I see certificate and LSC. Can we use an internal CA server?
12-20-2012 09:08 AM
Yes, you can use your own CA, but then you would need to provide your Root cert to them. You can also purchase one from one of the well-known CAs.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
12-20-2012 09:08 AM
Here is one way
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml
Or else, if you're running v7.2 or newer, you can disable the https for the WLC CLI
config network web-auth secureweb disable
Sent from Cisco Technical Support iPhone App
12-20-2012 09:09 AM
I wouldn't use your internal root CA, because guest users will not trust your CA. That is why it's best to upload a 3rd party trusted cert.
Sent from Cisco Technical Support iPhone App
12-20-2012 10:02 AM
The only part that I am not clear about is the certificate itself.
from this article:
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml
in step 3 when generating a CSR:
Note:
It is important that you provide the correct Common Name. Ensure that the host name that is used to create the certificate (Common Name) matches the Domain Name System (DNS) host name entry for the virtual interface IP on the WLC and that the name exists in the DNS as well. Also, after you make the change to the VIP interface, you must reboot the system in order for this change to take effect.
If the browser redirects to http://1.1.1.1, how can you perform this step?
12-20-2012 10:17 AM
You create a certificate using, for example, this FQDN: guestwifi.yourdomain.com. Then in DNS, you need to resolve that FQDN to the VIP, which you have as 1.1.1.1. Now the DNS server that has to have this entry is the DNS server that the users will be getting through DHCP.
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
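The CSR step discussed in the replies above, as an added example that is not part of the original thread or the linked Cisco document: it builds a CSR whose Common Name is the FQDN that DNS maps to the virtual interface, then checks the names before the CSR goes to a CA. The function names and file names are hypothetical, guestwifi.yourdomain.com is the sample FQDN from the reply, and a local `openssl` binary is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). File names wlc.key / wlc.csr / csr.cnf
# and both function names are hypothetical.

make_csr() {
    # $1 = FQDN that DNS resolves to the WLC virtual interface IP
    # $2 = existing output directory
    fqdn=$1; out=$2
    # Minimal request config: CN and subjectAltName both carry the FQDN.
    # Current browsers match the host name against subjectAltName.
    cat > "$out/csr.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = $fqdn
[ext]
subjectAltName = DNS:$fqdn
EOF
    # umask 077 keeps the private key readable by its owner only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$out/wlc.key" -out "$out/wlc.csr" \
          -config "$out/csr.cnf" 2>/dev/null )
}

csr_names_match() {
    # $1 = CSR file, $2 = expected FQDN
    # Succeeds only if both the subject CN and a SAN DNS entry equal the FQDN.
    text=$(openssl req -in "$1" -noout -text) || return 1
    echo "$text" | grep -Eq "Subject:.*CN ?= ?$2([,/[:space:]]|\$)" || return 1
    echo "$text" | grep -Eq "DNS:$2([,[:space:]]|\$)" || return 1
}
```

A CSR that names the IP address instead of the FQDN fails `csr_names_match` for the FQDN, which is the mismatch the Cisco note about the Common Name warns against.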