04-30-2023 06:13 AM
I have a WLC9800 L. I installed a wildcard cert and set a trust point. Now I cannot access the management via GUI. I can still access via putty using the IP. I followed the Cisco documentation for installing the cert but haven't found anything on the GUI issue after installing a wildcard cert.
I would appreciate any help on this issue.
04-30-2023 08:10 AM
05-01-2023 11:55 AM
Version 17.03.06
04-30-2023 08:56 AM
- For starters have a checkup-review of your 9800 controller (current) configuration with the CLI command: show tech wireless, have the output analyzed with: https://cway.cisco.com/wireless-config-analyzer
Always a good place to start when experiencing all sorts of trouble!
M.
04-30-2023 09:48 AM
Either your browser is flagging the cert change as a security issue, in which case you need to try to use a private window, or else since you have CLI access, change the https to use a default trustpoint. If you have a backup configuration, you should see the certificate it was using.
05-01-2023 09:59 AM
"Now I cannot access the management via GUI." - can you be more specific?
What exactly is the error, if any? What do you see on a packet capture and browser trace?
Agree with Scott that it's quite likely a browser issue with change of cert rather than WLC issue. As long as you've installed the cert correctly it should work. Go back to basics - make sure the FQDN name you're using is in DNS, resolves to the WLC IP and matches the name on the cert. Then use browser trace (F11), WLC debugs and packet captures to work out why it's not working.
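The name-versus-certificate check suggested in the reply above, as an added example that is not part of the original thread: it applies the wildcard matching rule browsers use to the name typed into the address bar. The function names, `*.example.com` and `192.0.2.10` are constructed for illustration.

```python
import ipaddress

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Wildcard match as browsers apply it (RFC 6125): '*' must be the whole
    left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Approximation of the browser rule against over-broad wildcards:
        # require at least two fixed labels after the '*'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def explain(name, dns_sans, ip_sans=()):
    """Return (ok, reason) for the name typed into the browser."""
    if is_ip(name):
        addr = ipaddress.ip_address(name)
        if any(ipaddress.ip_address(i) == addr for i in ip_sans):
            return True, "listed in an iPAddress SAN"
        return False, "IP literal: a DNS wildcard never matches an IP address"
    for pat in dns_sans:
        if dns_name_matches(pat, name):
            return True, "matches " + pat
    return False, "no SAN matches (a wildcard covers exactly one label)"

if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    sans = ["*.example.com"]
    for n in ["wlc.example.com", "wlc.guest.example.com", "example.com", "192.0.2.10"]:
        ok, why = explain(n, sans)
        print(f"{n:24} {'OK  ' if ok else 'FAIL'} {why}")
```

The SAN list to feed in can be read from the installed certificate with `openssl x509 -noout -text`.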
05-01-2023 12:09 PM
It's a wildcard certificate we use for many things in our network. If I go back to the self-signed cert I can get back into the GUI. If I ping the controller by name it returns the correct Domain Name.
The trustpoint has
Label - the name of the certificate
Enrollment URL is still the default
Then it has key Generated and Enroll trustpoint checked
05-01-2023 01:05 PM
You didn't answer the question!
When you say "Now I cannot access the management via GUI" - what exactly does that mean? Do you get an error message? Do you get a certificate error? Does the connection timeout? Does the connection get rejected? Have you done a browser trace? Have you done a packet capture? Have you done debugs on the WLC? What do the WLC logs show? Do you have a screenshot illustrating the problem?
05-02-2023 07:14 AM
05-02-2023 07:27 AM
Did you do *any* of the things we suggested or you just ignored the whole lot?
There's no point asking questions if you just ignore the answers.
05-02-2023 08:29 AM
Yes, I changed the https to use a default trust point per Scott's suggestion, which allows me to access via the GUI, but I still need assistance on getting the cert to work with Guest WIFI.
05-02-2023 08:33 AM
I have also run the Show Wireless tech but it shows 0 errors.
05-02-2023 08:24 AM
>....Now on my guest wireless when I try to connect I get this site can't be reached. Err_connection_reset
- A bit confusing, are you saying you need GUI access from guest network (not good practice!)?
M.
05-02-2023 08:44 AM
I'm trying to get rid of the browser error that my connection is not secure when connecting to my Guest wireless. So I have a certificate to get rid of that error, but when I put in the trust point I cannot get to my internal page to log on with guest WIFI. Without the certificate I get that my connection isn't secure, but I can bypass that and get to my Guest page to log on. I hope that makes sense.
05-02-2023 08:51 AM
- Post a screenshot of what you are seeing.
M.