03-06-2023 03:20 AM
Hello,
On my Cisco WLC 9800 the captive portal and web access don't work (with the CLI there are no problems).
I checked the CA and these are the results:
BS_WLC-01#show crypto pki certificates
Certificate
Status: Available
Certificate Serial Number (hex): 50968F32000000036C1C
Certificate Usage: General Purpose
Issuer:
cn=Cisco Manufacturing CA SHA2
o=Cisco
Subject:
Name: SHA2
Serial Number: PID:C9800-L-F-K9 SN:FCL240200S8
cn=SHA2
serialNumber=PID:C9800-L-F-K9 SN:FCL240200S8
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/cmca2.crl
Validity Date:
start date: 14:10:11 CET Jan 16 2020
end date: 14:00:17 CET Nov 12 2037
Associated Trustpoints: CISCO_IDEVID_SUDI
Certificate
Status: Available
Certificate Serial Number (hex): 421BBA94000000061D15
Certificate Usage: General Purpose
Issuer:
cn=Cisco Manufacturing CA
o=Cisco Systems
Subject:
Name: SHA1
Serial Number: PID:C9800-L-F-K9 SN:FCL240200S8
cn=SHA1
serialNumber=PID:C9800-L-F-K9 SN:FCL240200S8
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/cmca.crl
Validity Date:
start date: 14:07:54 CET Jan 16 2020
end date: 22:25:42 CEST May 14 2029
Associated Trustpoints: CISCO_IDEVID_SUDI_LEGACY
CA Certificate
Status: Available
Certificate Serial Number (hex): 02
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA M2
o=Cisco
Subject:
cn=Cisco Manufacturing CA SHA2
o=Cisco
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/crcam2.crl
Validity Date:
start date: 14:50:58 CET Nov 12 2012
end date: 14:00:17 CET Nov 12 2037
Associated Trustpoints: CISCO_IDEVID_SUDI Trustpool
CA Certificate
Status: Available
Certificate Serial Number (hex): 01
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA M2
o=Cisco
Subject:
cn=Cisco Root CA M2
o=Cisco
Validity Date:
start date: 14:00:18 CET Nov 12 2012
end date: 14:00:18 CET Nov 12 2037
Associated Trustpoints: CISCO_IDEVID_SUDI0 Trustpool
CA Certificate
Status: Available
Certificate Serial Number (hex): 6A6967B3000000000003
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA 2048
o=Cisco Systems
Subject:
cn=Cisco Manufacturing CA
o=Cisco Systems
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/crca2048.crl
Validity Date:
start date: 00:16:01 CEST Jun 11 2005
end date: 22:25:42 CEST May 14 2029
Associated Trustpoints: CISCO_IDEVID_SUDI_LEGACY Trustpool
CA Certificate
Status: Available
Certificate Serial Number (hex): 5FF87B282B54DC8D42A315B568C9ADFF
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA 2048
o=Cisco Systems
Subject:
cn=Cisco Root CA 2048
o=Cisco Systems
Validity Date:
start date: 22:17:12 CEST May 14 2004
end date: 22:25:42 CEST May 14 2029
Associated Trustpoints: CISCO_IDEVID_SUDI_LEGACY0 Trustpool
CA Certificate
Status: Available
Certificate Serial Number (hex): 40BA483FAB8FD3654C262F7A6E3569E8C77C0B57
Certificate Usage: General Purpose
Issuer:
cn=dnac.unicatt.it
ou=SSIT
o=unicatt
l=Milan
st=Italy
c=IT
Subject:
cn=dnac.unicatt.it
ou=SSIT
o=unicatt
l=Milan
st=Italy
c=IT
Validity Date:
start date: 17:25:29 CET Nov 2 2022
end date: 17:25:29 CET Nov 2 2023
Associated Trustpoints: DNAC-CA
Storage: nvram:dnacunicatti#B57CA.cer
Certificate
Status: Available
Certificate Serial Number (hex): 02
Certificate Usage: General Purpose
Issuer:
cn=IOS-CA
Subject:
Name: BS_WLC-01.unicatt.it
hostname=BS_WLC-01.unicatt.it
cn=IOS-Self-Signed-Certificate-1349840721
Validity Date:
start date: 16:23:43 CEST Sep 20 2021
end date: 16:23:43 CEST Sep 20 2022
Associated Trustpoints: TP-self-signed-1349840721
Storage: nvram:IOS-CA#2.cer
CA Certificate
Status: Available
Certificate Serial Number (hex): 01
Certificate Usage: Signature
Issuer:
cn=IOS-CA
Subject:
cn=IOS-CA
Validity Date:
start date: 16:17:59 CEST Sep 20 2021
end date: 16:17:59 CEST Sep 19 2024
Associated Trustpoints: TP-self-signed-1349840721 IOS-CA
Storage: nvram:IOS-CA#1CA.cer
CA Certificate
Status: Available
Certificate Serial Number (hex): 01
Certificate Usage: Signature
Issuer:
cn=Cisco Licensing Root CA
o=Cisco
Subject:
cn=Cisco Licensing Root CA
o=Cisco
Validity Date:
start date: 21:48:47 CEST May 30 2013
end date: 20:48:47 CET May 30 2038
Associated Trustpoints: Trustpool SLA-TrustPoint
Storage: nvram:CiscoLicensi#1CA.cer
and this is the configuration of the crypto CA:
crypto pki server IOS-CA
database level complete
no database archive
grant auto
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check crl
!
crypto pki trustpoint sdn-network-infra-iwa
revocation-check crl
!
crypto pki trustpoint IOS-CA
revocation-check crl
rsakeypair IOS-CA
!
crypto pki trustpoint TP-self-signed-1349840721
enrollment url http://172.30.22.21:80
subject-name cn=IOS-Self-Signed-Certificate-1349840721
revocation-check none
rsakeypair TP-self-signed-1349840721
!
crypto pki trustpoint DNAC-CA
enrollment mode ra
enrollment terminal
usage ssl-client
revocation-check crl none
source interface Loopback0
We tried to restart and to enter the commands:
no ip http server
no ip http secure-server
ip http server
ip http secure-server
exit
Does someone have an idea where the problem is?
Thanks
03-06-2023 05:48 AM
- Review the 9800 controller configuration with the CLI command: show tech wireless, have the output analyzed by https://cway.cisco.com/
M.
03-07-2023 11:36 PM
Hello,
With the configuration I see that the secure server trustpoint is sdn-network-infra-iwan, but there is no CA in crypto pki certificate chain sdn-network-infra-iwan. I attach the screen.
Is this the problem?
Luigi
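An offline check over the two outputs posted in this thread, added here as an example and not written by any of the posters: it parses `show crypto pki certificates` text, lists trustpoints whose certificate end date is before a given date, and lists configured trustpoints that appear under no certificate. The sample text is trimmed from the first post; the function names and the 2023-03-06 reference date (the date of the first post) are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: four blocks trimmed from the output in the first post.
SHOW_CERTS = """\
Certificate
  end date: 16:23:43 CEST Sep 20 2022
  Associated Trustpoints: TP-self-signed-1349840721
CA Certificate
  end date: 16:17:59 CEST Sep 19 2024
  Associated Trustpoints: TP-self-signed-1349840721 IOS-CA
CA Certificate
  end date: 17:25:29 CET Nov 2 2023
  Associated Trustpoints: DNAC-CA
CA Certificate
  end date: 20:48:47 CET May 30 2038
  Associated Trustpoints: Trustpool SLA-TrustPoint
"""
# Trustpoint names as they appear in the posted `crypto pki trustpoint` configuration.
CONFIGURED = ["SLA-TrustPoint", "sdn-network-infra-iwa", "IOS-CA",
              "TP-self-signed-1349840721", "DNAC-CA"]

END_RE = re.compile(r"end\s+date:\s+(\d\d:\d\d:\d\d)\s+\S+\s+(\w{3})\s+(\d+)\s+(\d{4})")

def parse_certs(text):
    """Return one dict per certificate block: kind, end date, trustpoints."""
    certs, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if s in ("Certificate", "CA Certificate"):
            cur = {"kind": s, "end": None, "tps": []}
            certs.append(cur)
        elif cur and (m := END_RE.match(s)):
            # The zone abbreviation (CET/CEST) is dropped; day-level accuracy is enough here.
            cur["end"] = datetime.strptime(" ".join(m.groups()), "%H:%M:%S %b %d %Y")
        elif cur and s.startswith("Associated Trustpoints:"):
            cur["tps"] = s.split(":", 1)[1].split()
    return certs

def audit(text, configured, now):
    """Return (trustpoints holding an expired cert, configured trustpoints with no cert)."""
    certs = parse_certs(text)
    expired = sorted({tp for c in certs if c["end"] and c["end"] < now
                      for tp in c["tps"] if tp != "Trustpool"})
    seen = {tp for c in certs for tp in c["tps"]}
    return expired, [tp for tp in configured if tp not in seen]

if __name__ == "__main__":
    expired, missing = audit(SHOW_CERTS, CONFIGURED, datetime(2023, 3, 6))
    print("trustpoints with an expired certificate:", expired)
    print("configured trustpoints with no certificate:", missing)
```
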
03-08-2023 01:33 AM
- Please execute instructions from my first response,
M.
03-08-2023 11:53 AM
Captive portal not working is a very stingy explanation to the problem you have. I would request you to share the below info