03-11-2019 09:26 AM - edited 07-05-2021 10:02 AM
I have a Mobility Express deployment but the web portal for managing the controller is self-signed and thus untrusted. Is it possible to upload a valid certificate to the Mobility Express controller in order to securely manage it?
03-11-2019 08:23 PM
From the Mobility Express Deployment guide:
The Mobility Express controller uses a self-signed certificate for HTTPs. Therefore, all browsers display a warning message and asks whether you wish to proceed with an exception or not when the certificate is presented to the browser. Accept the risk and proceed to access the Mobility Express Wireless LAN Controller login page.
There is nothing in the deployment guide advising if it is possible to deploy a signed certificate for HTTPS management.
This is just for management of the device so wont be an issue for clients.
11-10-2019 08:12 PM
You can install a custom certificate to Mobility Express controller from CLI like on other versions of WLC.
Here an how-to: https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html
You can create a CSR request from Mobility Express CLI, but it can't create CSR with a subject alternative name (SAN), and in Google Chrome after 58 versions this certificate will be invalid. So a preferred way would be like this:
Step 1 option A
Step 2 option A or B
Step 3 CLI
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide