06-10-2014 04:01 AM - edited 07-05-2021 12:58 AM
Hello,
SSL Certificate Error received before and after Web Auth banner page when users try to access the Internet.
Is there a way to change the WebAuth to use http instead of https ?
06-10-2014 05:20 AM
If you are running 7.2 or newer code you can do it very simply. You just need to issue the command:
config network web-auth secureweb disable
HTH,
Steve
06-10-2014 06:15 AM
We have version 7.0.116.0.
Is that command to disable WebAuth ?
We need the banner pager for logging purposes but don't want to get SSL Security messages.
As WebAuth use https thought it may be easier to use http instead ?
Jay
06-10-2014 06:20 AM
No, it doesn't disable webauth, it just stops it from needing to use HTTPS.
For 7.0 you need to disable HTTPS for management totally.
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/115951-web-auth-wlc-guide-00.html#httpnots
But I would just upgrade to newer code if your AP's will support being there.
HTH,
Steve
06-10-2014 06:30 AM
Sorry what is the issue if I don't upgrade ? will APs issue another error ?
I have never done the upgrade so not sure if its quick or needs a lot of work.
Thanks
06-10-2014 06:36 AM
if you don't upgrade, the management of the WLC will not be SSL encrypted. Some people don't want the management unencrypted.
And 7.0.116 is pretty old as well. Take a look at the release notes for 7.4 code and see if you like the features/bug fixes.
Steve
06-10-2014 06:42 AM
Ok great many thanks !
06-17-2014 08:46 AM
The client's don't need to download the certificate. they need to have a trust of the root authority that issues it. So if you use a well known authority, they should have that trust by default
HTH,
Steve
06-17-2014 08:50 AM
We have client users roaming to UK from US and other countries using our WiFI how do you determine the well known authority ? We cant check every device so was not sure which certificate to go for ?.
06-17-2014 08:58 AM
I've not heard that it matters country to country. more of an OS thing.
But if you stick with Verisign, Thawte, even GoDaddy now a days you should be fine.
Steve
06-17-2014 09:07 AM
Ok great I will try and come back in a weeks time to confirm.
06-17-2014 08:41 AM
Hi Steve,
I think instead of upgrading and disabling https they want us to install a certificate.
If I go out and buy a certificate and install on WLC will all clients get this certificate automatically ?
Are there likely to be any issues still ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide