06-21-2022 04:30 AM
Webauth on a WLAN is meant here.
Can somebody explain how to configure WLAC 9800 IOS-XE (e.g. 17.3.5) to send the complete certificate chain to the client web browser when using level-3 certificates (two CA intermediate certificates, and a CA root certificate)? I can see with
openssl s_client -showcerts -servername ...
that only one intermediate is sent to client. So the client can never check up to the root.
I have also seen that WLC5508 with AirOS 8.3 sends the complete chain with the same certificate.
06-21-2022 12:01 PM
Hope you have seen the below document, worth going through it if you haven't seen it
HTH
Rasika
*** Pls rate all useful responses ***
06-22-2022 12:26 AM
Yes, this document is quite good.
I've seen that the same certificate used for webauth and webadmin is sent once with chain and once without chain.
When used as webadmin the whole chain is sent. When used as webauth only the first intermediate is sent. This makes the fix for Cisco bug ID CSCwa23606 obsolete.
Note: Currently, the 9800 WLC does not present the full certificate chain whenever a specific trustpoint is used for webauth or webadmin, rather it presents the device certificate and its immediate issuer. This is tracked with Cisco bug ID CSCwa23606, fixed in Cisco IOS® XE 17.8.
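Added example, not part of the thread or of Cisco's documentation: a shell sketch that reproduces the symptom discussed above offline. It builds a constructed chain with two intermediates and shows that a client trusting only the root can verify the server certificate when the whole chain is presented, but not when only the immediate issuer is. All file names, CNs and function names are assumptions made for the example.

```shell
#!/bin/sh
# Constructed test PKI matching the thread: root -> int1 -> int2 -> leaf.
# All names and keys are made up; nothing here talks to a real controller.
build_pki() {   # build_pki DIR
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  issue() {     # issue NAME ISSUER EXTFILE (NAME = ISSUER means self-signed)
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$1.key" \
      -subj "/CN=constructed-$1" -out "$d/$1.csr" 2>/dev/null || return 1
    if [ "$1" = "$2" ]; then
      openssl x509 -req -in "$d/$1.csr" -signkey "$d/$1.key" -days 2 \
        -extfile "$d/$3" -out "$d/$1.pem" 2>/dev/null
    else
      openssl x509 -req -in "$d/$1.csr" -CA "$d/$2.pem" -CAkey "$d/$2.key" \
        -CAcreateserial -days 2 -extfile "$d/$3" -out "$d/$1.pem" 2>/dev/null
    fi
  }
  issue root root ca.ext && issue int1 root ca.ext &&
    issue int2 int1 ca.ext && issue leaf int2 leaf.ext
}

# Number of certificates in a PEM bundle or in saved `s_client -showcerts` output.
chain_len() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# check_chain PRESENTED ROOT: the first certificate in PRESENTED is the server
# certificate; every certificate in the file is offered as an untrusted
# intermediate; only ROOT is trusted, as in a browser that has just the root.
check_chain() { openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1; }

demo() {
  w=$(mktemp -d) || return 1
  build_pki "$w" || { rm -rf "$w"; return 1; }
  cat "$w/leaf.pem" "$w/int2.pem" "$w/int1.pem" > "$w/full.pem"   # whole chain
  cat "$w/leaf.pem" "$w/int2.pem" > "$w/short.pem"   # leaf + immediate issuer
  for f in full short; do
    if check_chain "$w/$f.pem" "$w/root.pem"; then r=verifies; else r=FAILS; fi
    echo "$f: $(chain_len "$w/$f.pem") certs sent, $r against the root"
  done
  rm -rf "$w"
}
demo
```

The same `chain_len` and `check_chain` functions accept saved `openssl s_client -showcerts` output as PRESENTED, since OpenSSL skips the text around the PEM blocks; ROOT is the root CA certificate in PEM form.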