Certificate on 2504 controller

langstonw
Level 1

We have set up a WLC with a specific WLAN and SSID. When we created this WLAN we enabled Web auth with a redirect page. We are also using LDAP to authenticate our users. Now when client machines connect to the SSID it is prompting them for a certificate. The page is pointing to https://1.1.1.1. How can we add a certificate so this message will go away? On the 2504 underneath Security, I see certificate and LSC. Can we use an internal CA server?

5 Replies

Stephen Rodriguez
Cisco Employee

Yes, you can use your own CA, but then you would need to provide your Root cert to them. You can also purchase one from one of the well-known CAs.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Scott Fella
Hall of Fame

Here is one way

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml

Or else if you're running v7.2 or newer, you can disable the https for the WLC CLI

config network web-auth secureweb disable

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott Fella
Hall of Fame

I wouldn't use your internal root CA, because guest users will not trust your CA. That is why it's best to upload a 3rd party trusted cert.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

The only part that I am not clear about is the certificate itself.

From this article:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml

In step 3 when generating a CSR:

Note:

It is important that you provide the correct Common Name. Ensure that the host name that is used to create the certificate (Common Name) matches the Domain Name System (DNS) host name entry for the virtual interface IP on the WLC and that the name exists in the DNS as well. Also, after you make the change to the VIP interface, you must reboot the system in order for this change to take effect.

If the browser redirects to http://1.1.1.1, how can you perform this step?

You create a certificate using, for example, this FQDN: guestwifi.yourdomain.com. Then in DNS, you need to resolve that FQDN to the VIP which you have as 1.1.1.1. Now the DNS server that has to have this entry is the DNS server that the users will be getting through DHCP.

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
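
A pre-flight check for the name matching described in the last reply, added here as an example that is not part of the thread or of Cisco's documentation: it models what a guest's browser compares when it lands on the web-auth page. The function names, the `guest_dns` dictionary standing in for the DHCP-assigned DNS server, and the sample inputs are constructed assumptions.

```python
import ipaddress

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def name_matches(pattern, host):
    """Exact match, or one '*' as the whole leftmost label (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if p == h:
        return True
    return p[0] == "*" and len(p) == len(h) and len(p) > 2 and p[1:] == h[1:]

def preflight(redirect_host, cert_dns_names, cert_ip_sans, guest_dns, virtual_ip):
    """Return the problems a guest browser would hit; an empty list means OK."""
    problems = []
    if is_ip(redirect_host):
        # An IP literal in the URL is compared with IP SAN entries, not DNS names.
        if redirect_host not in cert_ip_sans:
            problems.append(f"URL host {redirect_host} is an IP with no matching IP SAN")
        return problems
    if not any(name_matches(n, redirect_host) for n in cert_dns_names):
        problems.append(f"certificate names {cert_dns_names} do not cover {redirect_host}")
    resolved = guest_dns.get(redirect_host.lower())
    if resolved is None:
        problems.append(f"guest DNS has no record for {redirect_host}")
    elif resolved != virtual_ip:
        problems.append(f"{redirect_host} resolves to {resolved}, not the VIP {virtual_ip}")
    return problems

if __name__ == "__main__":
    cert_names = ["guestwifi.yourdomain.com"]            # constructed sample
    guest_dns = {"guestwifi.yourdomain.com": "1.1.1.1"}  # constructed sample
    for host in ("1.1.1.1", "guestwifi.yourdomain.com"):
        print(host, "->", preflight(host, cert_names, [], guest_dns, "1.1.1.1") or "OK")
```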