hi,

my virtual interface ip is 1.1.1.1

Does upgrading the software to 8.2.170 or 8.3 fixes the issue?

Thanks

No, this is a safety feature of newer Chrome based browsers. You need to change your virtual interface IP Address to a private one, for example 192.0.2.254.

Hi Patoberli,

Thanks, will give this a try and let you know. Will this need to be done after hours or can be done during business hours without breaking any connection?

Cheers

The MIC in WLC will expire on 2025.

Certificate Name: Cisco SHA1 device cert

Subject Name :
C=US, ST=California, L=San Jose, O=Cisco Systems, CN=AIR-CT2504-K9-dceb94954f80, emai lAddress=support@cisco.com
Issuer Name :

--More-- or (q)uit
O=Cisco Systems, CN=Cisco Manufacturing CA
Serial Number :
66EFC96400000009E09D
Validity :
Start : Jul 20 06:03:16 2015 GMT
End : Jul 20 06:13:16 2025 GMT
Signature Algorithm :
sha1WithRSAEncryption
Hash key :
SHA1 Fingerprint : 4f:04:96:90:c3:63:1e:27:53:df:90:31:90:62:6f:8b:69:34:f0:e3
MD5 Fingerprint : 64:5e:d6:04:ac:f1:77:27:24:6a:49:7f:b1:d2:30:ca

Hi,

Changed the virtual IP to 192.0.2.254 didn't work for me. Strange the certificate details still is pointing to 1.1.1.1

I have attached the capture for reference.

I have regenerated a new certificate from WLC but still doesn't work. Steps below.

Security>Web Auth>Certificate>Regenerate Certificate>Reboot WLC

needs to be a public cert, not a self signed certificate.

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html

Noted thanks @patoberli but the RFC (which is still draft not standard) does say

These blocks are not for local use

so they should not actually be deployed in networks, even privately.

But granted that using them in the same way as RFC1918 is unlikely to cause any problems within a private network.

Regardless of that the problem here is with the cert not the IP - it needs a resolvable DNS name with a matching PUBLIC (not self signed) cert.