Solved: Re: How Make the Web Auth Certificate Warning Go Away

Abdulkader Naji · ‎06-24-2018

The issue is with wireless controller Mobility Express version 8.2.166 which is configured for guest WLAN.

the issue happen user need to access to cisco page of local web authentication page the browser is not trusting the certificate from the virtual IP of WLAN controller.

How to make the guest users access to web authentication page directly without the SSL connection.

Abdulkader Naji · ‎06-24-2018

as TAC suggested

The easiest one is to use HTTP redirect instead of HTTPs, but our suggestion to use a certificate was to get rid of that error without the need to manually choose HTTP.

View solution in original post

Scott Fella · ‎06-24-2018

You need to disable https in order to have guest portal use http. However, I believe this will also disable https/ssh for management.

-Scott
*** Please rate helpful posts ***

Abdulkader Naji · ‎06-24-2018

I just open TAC case I got this below reply

Problem Description:

WLC: 2800s ME

SW: 8.2.166.0

You would like to avoid the security warning shown when using gust network.

When using the CLI of the ME, you can use the same commands used on the normal WLC, so you can simply follow the link below, which provides a step by step procedure to do that:

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html#anc7

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html#anc14

I will try and revert back if it will work in my scenario

Scott Fella · ‎06-24-2018

Correct... installing a trusted cert is the preferred way. Make sure that you can setup a DNS entry for the VIP in order for this to work.

-Scott
*** Please rate helpful posts ***

Abdulkader Naji · ‎06-24-2018

as TAC suggested

The easiest one is to use HTTP redirect instead of HTTPs, but our suggestion to use a certificate was to get rid of that error without the need to manually choose HTTP.

Prkalavadia · ‎01-17-2020

Hi there,

Please can you advise me in same,

I believe we can use restart command on WLC 5520 to activate Web-authentication cert installed on WLC.

I am having two 5520 WLC in HA cluster, By giving command "Restart on self", will there be any down time for users connected to WiFi?

OR

is there any other way to activate Web-authentication cert installed on WLC without down time for users connected to WiFi?

Thanks,

Scott Fella · ‎01-17-2020

If you have SSO enabled, you can make your change on the primary, save the config and then issue a force failover. This way the active will restart and the secondary will become active. You can then configure the new active, save that config and wait until both units are up and synced before you issue another force failover. There will be no downtime as long as you restart one at a time. The primary is first because certificates are not synced in SSO.

-Scott
*** Please rate helpful posts ***

Prkalavadia · ‎02-14-2020

Hi Scott,
As per your advise, I restarted Primary which failed over to secondary and after sometime I restarted Secondary so Again Primary became Active.
During this time I continues pinged to VIP, Zero packet drop , No down time,
And Uploaded WebAuth Certificate is active now.
Many thanks for your advise.
Punit

Scott Fella · ‎02-14-2020

Glad that worked for you!

-Scott
*** Please rate helpful posts ***

iores · ‎11-12-2022

Why it is necessary to setup a DNS entry? Would it work without this?