Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6085
Views
21
Helpful
2
Replies

Help Understanding WebAuth and WebAdmin Certificates in Relation t 5520 WLC

RBenke
Level 1
Level 1

‎01-31-2019 09:04 AM - edited ‎07-05-2021 09:47 AM

What I want to achieve: When I use a web browser to connect to my 5520 WLC for remote admin purposes, I want the browser to not say "Not Secure". In other words, I need https to work, whereas currently it is not because the existing certificate is SHA1.

 

What I stupidly did: Used the GUI to generate CSR WebAuth, at the direction of someone who I thought knew what they were talking about. Though the WLC allowed me to do this via the GUI, there was no resulting output from the WLC. I'm concerned about what may have happened behind the scenes. Will this have a negative impact on my wireless users the next time I reboot the WLC? I see dire warnings in Cisco's literature about how you must install the certificate if you performed a CSR request, but the WLC seems to have ignored the fact that I even went through the steps. Am I in trouble? Pertinent detail: The 5520 is running 8.3.x.

 

Every document I've read on the subject of WebAuth versus WebAdmin assumes the reader already knows the difference between these two terms. Even documents that attempt to define them assume prerequisite knowledge that I don't posses. Can someone give me a brief, low-level explanation of the **functional** difference between the two ? Which do I need in order to achieve the goal I stated at the beginning of this post?

 

Thanks.

Labels:
0 Helpful
2 Replies 2

Flavio Miranda
VIP
VIP

‎01-31-2019 11:03 AM

Hi

 Webauth is the process used to authenticate wireless device through a web portal. this can be internal or external depending on your environment.  

 Webauth certificate is required for internal web auth and for external web auth with CWA.  External web auth with ISE, for example, is not necessary as the WLC does not present its web interface. 

 

WebAdmin is the WLC admin interface used to manage the system. 

 

 Very good material you can find here. 

 

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html

 

 

-If I helped you somehow, please, rate it as useful.-

pjweintraub0206
Level 1
Level 1

‎01-14-2021 07:59 AM

Did you ever get your answer to your question?  Flavio above explained the difference between the two words (webadmin and webauth).  But you were concerned with generating the CSR through the GUI and there was no output.  On the page where you generated the CSR (Security-> Certificate -> CSR), there was a note at the bottom which states: Download CSR certificate file at Commands-> Upload File -> CSR Certificate once CSR is generated here. You upload to a TFTP or FTP server and then use that file to request your certificate from 3rd party CA.  Just remember NOT to reboot the WLC before you get the new signed certificate, and install it.  You can also do this through CLI and then you can copy the output and paste into a text file.  The CLI command will have the same required fields but it's all typed in the same command.  Example:  (WLC) > config certificate generate csr-webadmin {2 letter country code} {state} {city} {organization} {department} {common name} {email} 

This is 2 years after your question was asked, but hopefully this is informational to future people looking for an answer.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card