Your connection 1.1.1.1 is not private

kdgattis
Level 1

I have a Cisco controller 2504. We have guest internet plugged into port 2 of the controller. I have layer 3 web authentication set up in which guests see a web site and type a user name and password to get on the guest wireless internet. However, when I connect I get this every time: "Your connection is not private 1.1.1.1, NET::ERR_CERT_AUTHORITY_INVALID, This server could not prove that it is 1.1.1.1; its security certificate is not trusted by your computer's operating system." I'm unsure about setting up certificates, but I do see one on the controller as 1.1.1.1. If I export it to my computer and install it as a trusted certificate then it works, but how do I get the guest PCs to trust this controller? Do I need a public certificate?

2 Accepted Solutions


Stephen Rodriguez
Cisco Employee

If you want the guest to not get that cert warning, then you would want to get a certificate from a well-known provider.

 

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/70584-csr-wlc-00.html

 

When you do this, you also need to make sure that the DNS server you give to the guests can resolve the Virtual interface IP/name to the name that you put in the certificate.

 

HTH,

Steve


------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered


It's a bit involved ..

 

Create CSR

Get CSR signed 

Bind the CSR to private pem

Upload to the controller

 

Make sure the cert name resolves to 1.1.1.1 (virtual IP address on WLC).

 

Add A record like guest.yourdomain.com to resolve to 1.1.1.1

 

I do this for customers all the time.. ping dcmc.guestnetwork.org 

 

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________


15 Replies


Looking at the document, I see something called OpenSSL.  Do I get a certificate from that website or could you recommend a well known provider.  Not much experience with certificates.  Just started about 6 months ago on the guest wireless.  We have had wireless for the employees for years but guest is new. 

OpenSSL is just a program to let you build the request and combine the files you get back from the provider.

 

for well known, Thawte, Verisign, GoDaddy...

 

HTH,

Steve


------------------------------------------------------------------------------------------------


Can I generate CSR on my windows 2008 CA server, or does it have to be public from a third party?

No, since your guest won't have your root. You need to have a public ..

___________________________________________________________

Ok, another newbie question. Do I have already a certificate from our website "www.autumncorp.com" from BizCom. Since BizCom houses our website, wouldn't that be trusted? Am I looking at this wrong?

Who signs your public certs? Bizcom sounds like a web hosting company.. They don't sign certs.

 

 

You would create a CSR in OpenSSL and fill out the cert info. The common name you could use guest.autumncorp.com.

___________________________________________________________

Nobody signs public certs.  I have a CA on our active directory server.  I guess so far we haven't needed one until now.  Bizcom is a web hosting and email company.

Yea, so whoever manages your domain or maybe even the web host can get you a signed cert. Like for me I own guestnetwork.org. I go through GoDaddy .. I provide them my CSR and they burn me the cert tied to my domain.

This is why I created guestnetwork.org. I handle this entire process for customers; CSR, cert, A record etc ... It can be a pain for some folks.

 

Make sense?

 

___________________________________________________________

autumncorp.com is our domain name and BizCom manages it. Do I need to get up with them to get a certificate for our domain and install that certificate on my controller? Another question: if I redirect them to another web site like www.google.com, would that bypass the certificate error? Also, how many certificates do I need? Just one, or one for each guest logging in? Not seeing this message on phones or iPads, just computers.

You create the CSR in OpenSSL. You give your CA the CSR and they will burn you the cert.

 

Then you take the root, chain, device certs then bind it to the pem in OpenSSL.

 

Once that is done then you upload to the controller.

 

Make sure you use a version of OpenSSL lower than 1.0v.

If you want a guest page then you need the cert. Redirects happen AFTER the page pops up.

 

You only need one and you can put it on your different controllers.

 

Are you anchoring ?

 

Delete the SSID from your iPad and try it again. Looks like you may have accepted the cert the first time.

 

___________________________________________________________
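
The CSR, signing, chaining and bundling steps described in the replies above, as an added example that is not part of the thread and not taken from the Cisco document: guest.autumncorp.com is the name suggested in the thread, while the file names, the passphrase and the throwaway "demo CA" (standing in for the public CA so the script runs offline) are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: CSR -> signed cert -> chained PEM for upload.
# guest.autumncorp.com is the name used in the thread; file names, PASS and the
# "demo CA" are constructed. In production a public CA replaces demo_ca_sign.
set -eu
FQDN="guest.autumncorp.com"
PASS="ChangeMe123"   # placeholder; the same passphrase is entered at upload time

make_csr() {        # step 1: private key plus CSR carrying the portal name
  openssl req -new -newkey rsa:2048 -nodes -keyout guest.key -out guest.csr \
    -subj "/O=Example/CN=$FQDN" -addext "subjectAltName=DNS:$FQDN" 2>/dev/null
}

demo_ca_sign() {    # step 2 stand-in: a throwaway root signs the CSR
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -days 30 -subj "/CN=Constructed Demo Root" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$FQDN" > san.ext
  openssl x509 -req -in guest.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 30 -extfile san.ext -out guest.crt 2>/dev/null
}

bundle() {          # step 3: device cert first, then its issuers, then add the key
  cat guest.crt ca.crt > All-certs.pem
  openssl pkcs12 -export -in All-certs.pem -inkey guest.key \
    -out All-certs.p12 -passout "pass:$PASS"
  openssl pkcs12 -in All-certs.p12 -out final-cert.pem \
    -passin "pass:$PASS" -passout "pass:$PASS"
}

check_bundle() {    # confirm before upload: key pairs with cert, chain and name hold
  key_pub=$(openssl pkey -in guest.key -pubout | openssl sha256)
  crt_pub=$(openssl x509 -in guest.crt -noout -pubkey | openssl sha256)
  [ "$key_pub" = "$crt_pub" ] || { echo "key does not match certificate"; return 1; }
  openssl verify -CAfile ca.crt guest.crt >/dev/null || return 1
  openssl x509 -in guest.crt -noout -checkhost "$FQDN" | grep -q "does match" || return 1
  [ "$(grep -c 'BEGIN CERTIFICATE' final-cert.pem)" -eq 2 ] || return 1
  grep -q 'PRIVATE KEY' final-cert.pem
}

work=$(mktemp -d)
cd "$work"
make_csr
demo_ca_sign
bundle
check_bundle
echo "final-cert.pem is ready in $work"
# Step 4 needs the guest DNS and is not run here: the A record for $FQDN
# must return the controller's virtual interface address.
```

With a real CA, `ca.crt` is replaced by the intermediate and root certificates the CA returns, concatenated after the device certificate in that order.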

Thanks a lot for all your help. If I only need one certificate for all my controllers, how much does a certificate usually cost?

No worries.. Certs you buy in time .. Like one year is $75 or cheaper .. depends which CA you use to sign.

 

Feel free to support the rating system if any of this is helpful! 

 

 

 

 

___________________________________________________________