Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4756
Views
0
Helpful
7
Replies

WLC https GUI certificate not vaild error in Chrome

Andrew White
Level 2
Level 2

‎05-10-2019 12:44 AM - edited ‎07-05-2021 10:22 AM

Hello,

 

When we browse to our 5508 WLC's web GUI it always prompts us with a warning that our certificate is not valid, but let's us proceed.  It doesn't look provisional and I want to put a valid certificate on there but have no idea on how to do this.

 

We have an internal certificate server on a Windows server, plus servers with IIS to create a self cert, but really that's as much as I know about certificates and wondered if anyone can help?

 

This is the certificate we see

 

WLCcert.PNG

 

Thanks

Labels:
0 Helpful
7 Replies 7

Haydn Andrews
VIP
VIP

‎05-10-2019 01:12 AM

Take a look at these:

 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01001.html

 

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html

 

Its the web admin certificate you need to load

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
0 Helpful

Sathiyanarayanan Ravindran
Spotlight
Spotlight

‎05-10-2019 02:34 AM

Generate and enroll the certificate on the WLC as per the guidelines shared by Andrews, also while generating the certificate generate it with a Subject Alternative Name. After the version 58 chrome will give certificate error, If SAN is not present.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)
0 Helpful

Andrew White
Level 2
Level 2
In response to Sathiyanarayanan Ravindran

‎05-10-2019 05:05 AM

So would I need to first generate an CSR:

 

Security > Certificate > CSR

 

Then send it to a 3rd party CA like Godaddy even though it's an internal DNS name?

 

Thanks

0 Helpful

filipe.gaspar
Level 1
Level 1
In response to Andrew White

‎05-10-2019 05:43 AM

You can use your own PKI with xca (or another tool) or you can request a public certificate (like verisign etc).

 

I'm using using xca because is very simple linux tool.

0 Helpful

Andrew White
Level 2
Level 2
In response to filipe.gaspar

‎05-10-2019 07:48 AM

So I just need to generate the CSR as the first part to all this, then import:

 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01001.html#generating-csr

 

I will use  the GUI mode.  

 

Just worried about after the reboot it may be inaccessible.

0 Helpful

filipe.gaspar
Level 1
Level 1
In response to Andrew White

‎05-10-2019 08:28 AM

Generating CSR is just the beginning. After that, you have to get the certificate, push it into WLC and generates an entry in your DNS server.
0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to filipe.gaspar

‎05-13-2019 06:11 AM

And reboot the WLC as the last step. Don't forget the reboot.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card