cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
578
Views
3
Helpful
6
Replies

WLC9800 L Internal Certificate Info

TRNnHelp
Level 1
Level 1

I have Guest WIFI configured on the WLC9800 L and would like to generate an internal certificate to get rid of the certificate error I get when I connect to our guest wifi. When I click add certificate I am not sure if I should put in 192.0.2.1 for the domain name or if there is an internal default on the 9800 that I should use for that field.

6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

domain name always prefered. also guest i suggest to use Public Certificate (since most of the device BYOD, so they give always error)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Does it make a difference if our Guest wifi is on a dmz and using public DNS (google)

Nope. You need to purchase a trusted certificate or else disable https and use http. Not really recommended.
-Scott
*** Please rate helpful posts ***

DMZ is always Public facing, so i would suggest always use Public Cert.

example guide : @Scott Fella refering.

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213917-generate-csr-for-third-party-certificate.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Scott Fella
Hall of Fame
Hall of Fame

Just to add, with guest devices, they don’t trust internal CA’s that are not public. You can validate this by reviewing the device trusted CA store. Like what @balaji.bandi mentioned, you need to purchase/obtain a trusted certificate from one of the vendors on the list. Most public cert vendors are trusted. That is the only way to not have the certificate error when users are prompted with the portal. 
There are guides out there also, search “Cisco 9800 3rd party certificate install”.

-Scott
*** Please rate helpful posts ***

Rich R
VIP
VIP

And the cert must match the fully qualified domain name, and that FQDN must resolve to the virtual IP in DNS.

Review Cisco Networking for a $25 gift card