WLC Certificate

Cisco Freak
Level 4

Hi All,

I am wondering what the difference is between the Web Administration and Web Authentication certificates.

(Cisco Controller) >show certificate summary
Web Administration Certificate................... Locally Generated
Web Authentication Certificate................... 3rd Party
Certificate compatibility mode:.................. off
Lifetime Check Ignore for MIC ................... Disable
Lifetime Check Ignore for SSC ................... Disable

Any help would be appreciated!

CF

3 Replies

Philip D'Ath
VIP Alumni

I'm not 100% certain on this one.

I believe web authentication is used with the captive portal authentication (aka often used for guests).  This is often on the 1.1.1.1 address.

Web administration is when you browse to its web interface to administer the box.

What this means is that you have installed a 3rd party SSL certificate on your controller for the purposes of Guest Authentication. 

For accessing the GUI via https the controller uses a self signed cert. 

If you want to provide Guest Access from your controller using this self-signed cert for Guest Access, i.e. captive portal, they will be prompted with a security warning that there is a certificate error.

The reason for this is that the client is unable to validate the identity of the WLC - they are hitting the virtual interface typically 1.1.1.1 and do not have a matching certificate to validate this. 

The solution is to generate a 3rd party signed cert that will validate the DNS name and IP to be that of the WLC. The Guest client will typically query the external DNS of the company to validate the IP of 1.1.1.1 matches the DNS name on the virtual interface and the cert.

It is quite a long process to address a simple problem. 

The process to generate the Certificate is here

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html

The clients could just ignore the security warning and proceed, but if you are supplying a guest wireless solution then you don't want them to question the validity of your wireless?

Long answer for a short question! 

Regards, 

Roger

Please Rate any helpful posts

mohanak
Cisco Employee

Web Administration: this is the web page through which you access the device over the web; the certificate is internally generated.

Web Authentication: The controller’s operating system automatically generates a fully functional web authentication certificate, so you do not need to do anything in order to use certificates with Layer 3 web authentication. However, if desired, you can prompt the operating system to generate a new web authentication certificate, or you can download an externally generated SSL certificate.
