5508 loading cert for web auth

I have web auth enabled on the WLC, so when clients connect they get a cert error because it uses a self-signed cert. I was reading up on obtaining a third-party cert, and it says to have OpenSSL, then generate the cert and send it to a third-party CA, etc.

Any links you can share explaining best practices and how to load a third-party cert on the WLC 5508 for web authentication would be very useful.

Why can't we just get a cert from them for our domain and simply load it on the WLC?

Hi Mohammed,

Here are the two links that are like the bible for generating certificates...

http://www.Cisco.com/en/us/products/ps6366/products_configuration_example09186a0080a77592.shtml

http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

It depends on whether you use a chained or an unchained cert... Following the links above will help you get the problem resolved!

Let me know if this answers your question!

Regards

Surendra

Tags: Cisco Wireless
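The workflow the thread refers to (generate a key and CSR with OpenSSL, have a CA sign it, check the result before loading it) is sketched below as an added example; it is not code from the posters or from the linked Cisco guides. The hostname, file names and the throwaway CA standing in for the third-party CA are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hostname, file names and the throwaway
# CA are constructed; a real deployment sends device.csr to the third-party CA.

# Create the private key and CSR on an admin workstation (the key stays local).
make_csr() {  # $1 = working dir, $2 = hostname clients will see
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$1/device.key" -out "$1/device.csr" \
          -subj "/CN=$2" 2>/dev/null )
}

# Stand-in for the third-party CA: a one-day root that signs the CSR.
sign_with_test_ca() {  # $1 = working dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/ca.key" -out "$1/ca.pem" \
        -subj "/CN=Constructed Test CA" 2>/dev/null &&
    openssl x509 -req -in "$1/device.csr" -days 1 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/device.crt" 2>/dev/null
}

# The issued certificate must carry the public key of the key behind the CSR.
key_matches_cert() {  # $1 = private key, $2 = certificate
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# The certificate must verify against the issuer file you plan to bundle.
chain_verifies() {  # $1 = CA/chain file, $2 = certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Chained bundle: device certificate first, then the issuer certificate(s).
# Only written if both checks pass.
build_chain() {  # $1 = working dir
    key_matches_cert "$1/device.key" "$1/device.crt" &&
    chain_verifies "$1/ca.pem" "$1/device.crt" &&
    cat "$1/device.crt" "$1/ca.pem" > "$1/chained.pem"
}
```

With a real CA, skip `sign_with_test_ca`, place the returned certificate and issuer chain in the working directory, and run the same checks before uploading. The exact file format the controller expects is covered in the Cisco guides linked above.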

Similar Questions

  • How to generate CSR on switches for web auth with NGS

    Hello

    I am doing a dot1x solution with web auth on Cisco 3750 switches.

    Once the wired client is put in the web authentication state (after dot1x and MAB) and goes to a website, he receives a certificate warning. This is because of the Cisco switch's self-signed certificate.

    I want to use a Verisign certificate to resolve this error, but I can't find a way to generate a CSR on a switch. I only found a guide on how to request a certificate from a CA on the local network, but that is not a solution either, because the clients using web authentication won't have the internal certification authority.

    Is it possible to fix this?

    Greetings

    Steven

    Hi Steven,

    The document below is really for IOS SSLVPN, but the certificate part must be the same:

    http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6657/white_paper_c07-372106_ps6657_Products_White_Paper.html

    Search for 'Annex B'; it goes into the creation of a trustpoint, then has one section for self-signed certificates and another for generating a certificate request to send to an external certification authority.

    Once a trustpoint is created, the command to actually generate the CSR is "crypto pki enroll".

    This document goes into a bit more detail on the individual commands and what they do:

    http://www.Cisco.com/en/us/docs/iOS/sec_secure_connectivity/configuration/guide/sec_cert_enroll_pki.html

    Also, you can use something external to the switch, such as OpenSSL, to generate the CSR and private key, use that to request a certificate from your Verisign CA, and then import the cert/key pair into the IOS device.

    Thank you

    Nate

  • Oracle load testing for Web Applications - connection problem

    Hello

    I am currently trying to learn the Oracle Load Testing for Web Applications tool, version 8.50.0299, and it asks me for a user name and password to connect...

    and I only set a master password during installation
    try recording with user name: System, sys
    password: master password

    It did not work :(


    any ideas?

    You want the user 'administrator' (with the password you set during installation).

  • When I add images in MUSE, do photos resize for web quality (and therefore the page will load pretty quickly) or what I have to do using external software such as photoshop, etc. ? Thank you

    When I add images in MUSE, do photos resize for web quality (and therefore the page will load pretty quickly) or what I have to do using external software such as photoshop, etc. ?

    Also, is there a way I can change the email of the contact form for all my contact forms at the same time?

    I have over 100 contact forms and I want them all to send to the same email. Is there any way I can do that without going one by one?

    Yes, the new image is physically reduced (interpolated/oversampled) to the dimensions of the original image once you replace it through the IBE portal.

    Thank you

    Vikas

  • ISE web auth for other than cisco switch (D-link 3528)

    Is it possible to use ISE (inline posture node) to redirect wired users to the ISE guest portal?

    And wired users will get full network access after they pass the web auth.

    Hello

    Theoretically, it could work if the switch is able to send all the attributes in accounting packets, such as IP address and mac address by asking the station id. If the attributes are missing or incorrect, the iPEP ISE will never create the session (see show pep session table).

    That said, this has probably never been tested, so you may want to reconsider your design; there is no guarantee that this can still work.

  • Web Auth customization (data type icon download?)

    I recently installed a 7.5 WLC and began a basic Web Auth customization. I ran my usual CLI commands to download my image when I discovered a new option, transfer download datatype icon. I tried to download a small picture to see what it would change, and I don't see anything in particular. Does anybody know what it changes? (No, it has not changed the Cisco logos anywhere in the graphical interface, at least not that I could see.)

    (Cisco Controller) > transfer download datatype?

    code download an executable image on the system.
    config download Configuration file.
    eapcacert download a certificate from CA eap on the system.
    eapdevcert download a certificate of dev eap on the system.
    icon download an executable image on the system.
    image upload a logo on the web page on the system.
    ipseccacert download an IPSec certificate for the system.
    ipsecdevcert download a certificate of dev IPSec for the system.
    Login-banner download controller login banner. (Text only file supported: Max 1500 bytes & 18 lines, printable characters not unsupported)
    signature download a signature for the system file.
    webadmincert download a certificate of web directors on the system.
    webauthbundle download a package webauth customized for the system.
    webauthcert download a certificate web portal on the system.

    Hey Robinson,

    Sorry for the delay...

    transfer download datatype icon

    is the new command introduced on the WLC, especially for the Mobile Concierge we have... It has more to do with the 802.11u Generic Advertisement Service; please visit:

    http://en.Wikipedia.org/wiki/IEEE_802.11U

    This is to load the icon for GAS on the WLC and has nothing to do with the connect/disconnect webauth pages...

    We will ensure this is documented properly in the Cisco guides...

    Please let me know if that answers your question

    Regards

    Surendra

  • Urgent - NAC + ACS + Web-Auth in Wired environment - https redirection - certificate problem

    Hello world.

    I'm setting up an environment that uses Web-Auth for my wired and wireless networks. I followed the exact steps on this Cisco page to get it running:

    http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6638/app_note_c27-577490.html

    I'm only testing the wired environment right now.

    I plug a PC into a port and try to access a random web page (for example, www.cisco.com). It is automatically redirected to the authentication page. I type the user name and password, but when authentication is successful, it goes automatically to the https version of the page, which brings me to the problem. I must add an exception (the "more on this option" link on the IE page) for this page to continue with the authentication and gain access to the internet. I enclose the steps I must perform:

    I think that it is linked to the certificate, but I'm not sure which or where. I would like to get some advice from you to avoid this problem. I have no intention of buying any certificates, so if I could skip the https, that would be great.

    Thanks a lot for your help

    Victor Alves

    If you don't want an official cert, you must go to http only. But this means that people's passwords will transit in the clear on the network.

    It's been a long time since I tried, but doesn't removing 'ip http-server secure' do the trick?

  • Some website does not load, I get Yahoo 'Page not found', loads of site Web in Chrome, FF on-site troubleshooting didn't help.

    Good day,

    For about 2 weeks, I have been getting the same error when trying to load a single web site. The problem only occurs with one site, not with others. I tried everything in the troubleshooting article and suggestions from this forum, but nothing helped.
    I can open the web site in Google Chrome, and in Firefox on other PCs.
    The Yahoo 'error' I get is: "the requested URL "http://kissanime.com/" is not found or is not available. Please check the spelling or try again later."
    Disabling IPv6 does not work either.
    Can someone help me?

    Greetings,
    Waru

    Do a malware check with several malware scanning programs on the Windows computer.
    Please scan with all programs, because each program detects different malicious programs.
    All of these programs have free versions.

    Make sure that you update each program to get the latest version of its databases before scanning.

    You can also run a check for a rootkit infection with TDSSKiller.

    See also:

  • MS refuses to load software for printer Plug & Play, [Kodak ESP7] and Viewsonic monitor. MS = not signed?

    Recently, MS Windows XP SP3 fails to recognize common plug & play devices. The error message says "software not signed" and then asks whether to load anyway... I say yes, but the loader just goes into an infinite loop, preventing the drivers from loading.

    MS refuses to load software for printer Plug & Play, [Kodak ESP7] and Viewsonic monitor. MS = unsigned. The load was OK previously.

    This is how I have to upgrade?  I have five computers and two are 98 and 95 for some software.  That line.  TonyR

    The signed data may have been overwritten or damaged on the hard drive.

    Hello

    See this Microsoft KB article and check if that helps.

    How to troubleshoot unknown devices listed in Device Manager in Windows XP

    http://support.Microsoft.com/kb/314464

    When you install a device driver and Windows detects that it is not digitally signed, you receive a warning message and the option to cancel or continue the installation. This message only appears if your computer is configured to display a warning message whenever an installation program attempts to install a device driver without a digital signature.

    Note: A device driver that is digitally signed can still be listed as an unknown device in Device Manager.

    For more information about driver signing for Windows, see the Microsoft Web site at the following address:

    http://www.Microsoft.com/whdc/devtools/ddk/default.mspx

  • Activate the Session Timeout - guest web-auth

    Hi all

    Just a quick one. If this timeout expires when you use web-auth on a guest WLAN in the following way

    PC - AP - WLC (campus) - anchor WLC (DMZ) - www

    Does the web session drop, and is the user redirected to the authentication web page?

    Thx a lot indeed.

    Ken

    The lobby ambassador can specify the time during which the guest user accounts remain active. Once that time has passed, the guest user accounts expire automatically.

    For a more detailed description, the following guide on managing user accounts may help you:

    http://www.Cisco.com/en/us/docs/wireless/controller/5.0/Configuration/Guide/c5users.html#wp1048408

  • Active Directory users are authenticated web-auth (web-auth has only LOCAL users)

    Hello

    I have a model WLC 4404 with software version 4.2.205.0.
    I have 2 SSIDs: Wireless and Guests
    - Wireless: uses [WPA + WPA2] [Auth (802.1X)]
    - Guests: uses Web-Auth

    In the guests of SSID (WLAN-> Edit > AAA security servers I have not all enable server - option there is NOT and not activated-).

    I do not understand that the request for authentication is attempted ONLY locally to the WLC but not in the ACS (ACS has been configured in security-> RADIUS-> authentication).

    When a user enters on the authentication web page the user name and password of the Wireless SSID (users who need to be authenticated in Active Directory via ACS), they are authenticated.

    I need to change this behavior.

    There are a few options depending on what code you are using.

    In 6.0 and higher, there is an option directly in the WLAN to select only LOCAL.

    In 5.2 and below, under RADIUS authentication servers, uncheck the Network User box. This check box allows the WLC to use the servers globally, which means that if it is not specifically defined under the WLAN, it can/will still be used.

  • WLAN controller WEB AUTH: when is the session re-checked after initial authentication?

    I intend to use web authentication (with an external server) on a Cisco WLAN controller.

    Unfortunately, I don't have one to experiment with, and I could not find the following information in the documentation.

    Once a user authenticates successfully the first time, when is authentication performed again?

    Is it periodic? Or maybe specified in the Access-Accept message?

    Thanks for your help.

    I do not think that anything is done in the background / transparently when the session timeout occurs.

    If RADIUS sends you a Session-Timeout of 30 minutes, then after 30 minutes the WLC puts the client in a Web Auth Required state again. In which case, they will have to open the Internet browser and send the credentials again (manual process).

    The session timeout is a hard stop to force re-authentication...

    The access-request/access-accept (as far as I know) is only for full authentication.

  • Registration of ISE1.2 MAC after LDAP web-auth

    Faced with a situation where we just do a simple one-time registration of the MAC address after a person successfully authenticates through web-auth using LDAP.

    It is very similar to guest authentication, but I do not know how to customize another portal for this group of users, so that I do not affect the current guest portal. Is there a better way?

    I am considering the following sequence:

    1. the user trying to connect wireless for the first time and is redirected to a web page to enter the LDAP credentials

    2. the user authenticates successfully credentials and ISE adds MAC address of a group of endpoint of the ENDPOINT "VALID."

    3. the next time that the user tries to access wireless, they are connected flawlessly, but what happens is ISE sees their MAC in the group "Endpoint INVALID" and MAB of them on the network.

    It looks a lot like the guest portal configuration, but I don't know how to tell it to register the MAC with an endpoint group.

    Thanks in advance,

    Mike

    You can register the device with its MAC address via the device registration portal, and it will be added to the endpoint group "registereddevice".

  • Guest web-auth redirect

    Hi guys,

    I'm having some problems with getting the web-auth redirection to work properly.

    Basically, I set up an SSID with authentication of layer 3 and the customer's IP via DHCP, the DHCP server is configured on a win 2008 Server (192.168.10.18).

    After the client connects to the wireless network with web authentication, it gets a valid IP address. I can open a web browser and go to www.google.com, but then it does not redirect me to the authentication web page requesting my credentials.

    I did an "ipconfig/all" on the client and found that I have the correct gateway and that the DNS server IP address is 192.168.10.18. On the DNS server, I also have an entry called 'wlc2112' that points to the IP of another 2112 WLC with 1.1.1.1. If I type "http:wlc2112" in the browser, then I get redirected to the correct web auth page, with https://wlc2125.wirelessdomain.local/login.html?redirect=wlc2112 in the URL, and am asked for credentials. wlc2125 is another entry that I configured in the DNS as well; it is also the WLC on which I configured the SSID for web authentication.

    If I type the IP address of the WLC in the URL, I am also redirected to the web auth page.

    It seems to me that if we type something which cannot be resolved by the DNS server (192.168.10.18), then the redirect page fails, so I just want to ask whether this is expected behavior or whether there is something I have to do in the configuration. I think I missed something here, as in the config example on the Cisco web site google.com was used as an example and it redirected correctly.

    any comments would be much appreciated, thanks in advance for your time and your help.

    Andy,

    This is the expected behavior.  If the URL cannot be resolved, the WLC won't start screen.  The DNS query is mandated by the WLC, and if it does not get a valid line, you see what you see.

    See you soon,
    Steve

    --

    If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.

  • I have a copy of Creative Suite Premium CS6 I have loaded from your web site down.  The serial number on my disk < removed serial number > and the serial number in my game account. However when I try to install, it is said that the number of erial i

    I have a copy of Creative Suite Premium CS6 I have loaded from your web site down.

    The serial number on my disk < removed serial number > and the serial number in the game of my account. However, when I try to install, it says that the serial number is not valid.

    Please help me to install this disk or allow me to download another copy.

    I have used this program for several years but had a major computer crash and lost the installed copy.

    Leroy Noyes

    Error "serial number is not valid for this product". Creative Suite
