cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1320
Views
5
Helpful
11
Replies

WLC 5500 Web Auth - Certificate Error

j44mistry
Level 1
Level 1

Hello,

SSL Certificate Error received before and after Web Auth banner page when users try to access the Internet.

 

Is there a way to change the WebAuth to use http instead of https ?

 

 

11 Replies 11

Stephen Rodriguez
Cisco Employee
Cisco Employee

If you are running 7.2 or newer code you can do it very simply. You just need to issue the command:

config network web-auth secureweb disable

HTH,

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

 

We have version 7.0.116.0.

 

Is that command to disable WebAuth  ?

 

We need the banner pager for logging purposes but don't want to get SSL Security messages.

 

As WebAuth use https thought it may be easier to use http instead ?

 

Jay

No, it doesn't disable webauth, it just stops it from needing to use HTTPS.

 

For 7.0 you need to disable HTTPS for management totally.

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/115951-web-auth-wlc-guide-00.html#httpnots

 

But I would just upgrade to newer code if your AP's will support being there.

 

HTH,

Steve

 

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

 

Sorry what is the issue if I don't upgrade ?   will APs issue another error ?

I have never done the upgrade so not sure if its quick or needs a lot of work.

 

 

Thanks

if you don't upgrade, the management of the WLC will not be SSL encrypted. Some people don't want the management unencrypted.

 

And 7.0.116 is pretty old as well.  Take a look at the release notes for 7.4 code and see if you like the features/bug fixes.

 

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

 

Ok great many thanks !

The client's don't need to download the certificate. they need to have a trust of the root authority that issues it. So if you use a well known authority, they should have that trust by default

 

HTH,

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

 

We have client users roaming to UK from US and other countries using our WiFI how do you determine the well known authority ?       We cant check every device so was not sure which certificate to go for ?.

 

 

I've not heard that it matters country to country. more of an OS thing.

But if you stick with Verisign, Thawte, even GoDaddy now a days you should be fine.

 

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Ok great I will try and come back in a weeks time to confirm.

 

 

Hi Steve,

 

I think instead of upgrading and disabling https they want us to install a certificate.

 

If I go out and buy a certificate and install on WLC will all clients get this certificate automatically ?

 

Are there likely to be any issues still ?

 

 

Review Cisco Networking for a $25 gift card