03-08-2023 08:06 AM
I have Guest WIFI configured on the WLC9800 L and would like to generate an internal certificate to get rid of the certificate error I get when I connect to our guest wifi. When I click add certificate I am not sure if I should put in 192.0.2.1 for the domain name or if there is an internal default on the 9800 that I should use for that field.
03-08-2023 08:23 AM
domain name always prefered. also guest i suggest to use Public Certificate (since most of the device BYOD, so they give always error)
03-08-2023 09:06 AM
03-08-2023 10:17 AM
03-08-2023 10:45 AM
DMZ is always Public facing, so i would suggest always use Public Cert.
example guide : @Scott Fella refering.
03-08-2023 09:08 AM
Just to add, with guest devices, they don’t trust internal CA’s that are not public. You can validate this by reviewing the device trusted CA store. Like what @balaji.bandi mentioned, you need to purchase/obtain a trusted certificate from one of the vendors on the list. Most public cert vendors are trusted. That is the only way to not have the certificate error when users are prompted with the portal.
There are guides out there also, search “Cisco 9800 3rd party certificate install”.
03-10-2023 09:32 AM
And the cert must match the fully qualified domain name, and that FQDN must resolve to the virtual IP in DNS.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide