Web Auth certificate. PEM format
Hello
I try to put a web on my controller authentication certificate and I am unable to do so. When I click on the 'Help' button on the controller, it says the certificate must be in. PEM format. The certificate I is just in .txt format, how can I convert .pem? Any thoughts or ideas would be appreciated.
Here is the link of Cisco.
http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
Tags: Cisco Wireless
Similar Questions
-
Urgent - NAC + ACS + Web-Auth in Wired environment - https redirection - certificate problem
Hello world.
I'm seting of an environment that uses Web-Auth for my cable and wireless. I followed the exact steps in this page of Cisco to run:
http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6638/app_note_c27-577490.html
I'm only testing environment wired right now.
I plug a PC on a port, and I try to access a Web page of randon (for example, www.cisco.com). It is automatically redirected to the authentication page. I type the user name and password, but when authentication is successful, it goes automatically to the https version of the page, which brings me to the problem. I should add an exception (more on this option on the IE Web page) to this page to continue with the authentication and gain access to the internet. I enclose the steps I must perform:
I think that it is linked to the certificate, but I'm not sure who or where. I would like to get some advice on your part to avoid this problem. I have no intention to buy all certificates, so if I could jump the https would be great.
Thanks a lot for your help
Victor Alves
If you don't want an official cert, you must go to http only. But this means that people paswords will transit in the clear on the network.
It's been long that I tried, but not is not remove 'ip http-server secure' do the trick?
-
Web Auth customization (data type icon download?)
I recently installed 7.5 WLC and began a Web Auth customization base. I did my usual CLI commands to download my image when I discovered a new option, tranfer download data type icon. I tried to download a small picture to see what it would change, and I don't see anything in particular. Nobody knows what that change? (No it has not changed Cisco logos anywhere in the graphical interface, at least that I could see)
(Cisco Controller) > transfer download datatype?
code download an executable image on the system.
config download Configuration file.
eapcacert download a certificate from CA eap on the system.
eapdevcert download a certificate of dev eap on the system.
icon download an executable image on the system.
image upload a logo on the web page on the system.
ipseccacert download an IPSec certificate for the system.
ipsecdevcert download a certificate of dev IPSec for the system.
Login-banner download controller login banner. (Text only file supported: Max 1500 bytes & 18 lines, printable characters not unsupported)
signature download a signature for the system file.
webadmincert download a certificate of web directors on the system.
webauthbundle download a package webauth customized for the system.
webauthcert download a certificate web portal on the system.Hey Robinson,
Sorry for the delay...
Download transfer data type icon
is the new order introduced on the WLC and especially for Mobile Concierge we have... it has more to do with the generic advertising Service 802.11U and please visit-
http://en.Wikipedia.org/wiki/IEEE_802.11U
This to load the icon for GAS on the WLC and nothing has to do with the connect/disconnect webauth pages...
We will ensure this is documented on the cisco properly guides...
Please let me know if that answers your question
Concerning
Surendra
-
How to generate CSR on switches for web auth with NGS
Hello
I do solution dot1x with web auth on switches cisco 3750.
Once the wired customer put in the web authentication status (after dot1x and mab) and goes to a website, he receives a certificate warning. This is because as the switch cisco selfsigned certificate.
I want to use a verisign certificate to resolve this error, but I can't find a way to generate a CSR on a switch. I only found a guide how to request a certificate from a CA on the local network, but it is also not a solution, because the customers with the help of web authentication, won't the internal certification authority.
Is it possible to fix this?
Greetings
Steven
Hi Steven,
The document below is really for IOS SSLVPN, but the part of the certificate must be the same:
Search for the 'Annex B' and it goes into the creation of a trustpoint and then a section for the self-signed and another is to generate a certificate request to send to an external certification authority.
Once created a trustpoint command to actually generate the CSR is "crypto PKI enroll."
This document goes into a bit more details on orders of the person and what they do:
Also, you can use something external to the switch as OpenSSL to generate the CSR and private key and then use it to request a certificate from your Verisign CA and then import the cert/key pair in the IOS device.
Thank you
Nate
-
5508 loading cert for web auth
I have web auth enabled on the WLC so when clients connect, they get a cert error because it uses a self signed cert. I was reading upward on obtaining a third part cert and he tells have openssl and then generate the cert and send it to a third-party CA etc.
All the links that you can share would be very useful, explaining best practices and to load a cert of third party on the WLC 5508 for web authentication.
Why can't just get a cert from them for our domain and simply load on the WLC?
Hi Mohammed,.
Here are the two links that are like the bible to generate certificates...
http://www.Cisco.com/en/us/products/ps6366/products_configuration_example09186a0080a77592.shtml
http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
Depends on whether you use Chained or chained UN CERT... Following the link above will help you to get the problem resolved!
Let me know if this answers your question!
Concerning
Surendra
-
I bought my laptop from a friend, but it seems to work just great, windows 7 and all. the only thing who is spooky me is why I can't go to any Web site or Web page without the same page popping up who said that the Web site certificate is invalid or expired AND I shouldn't continue to the page. I don't know what to do...
I bought my laptop from a friend, but it seems to work just great, windows 7 and all. the only thing who is spooky me is why I can't go to any Web site or Web page without the same page popping up who said that the Web site certificate is invalid or expired AND I shouldn't continue to the page. I don't know what to do...
The most common reason for this is that your computer clock is wrong.
Right click on the clock in the system tray. Select adjust Date and time.
Check and correct the month, day, year, hour, minutes and time zone.
Reboot if you have changed all the foregoing.
-steve
-
Activate the Session Timeout - comments web-auth
Hi all
Just a quick. If this period expires when you use web-auth on a wlan of comments in the following way
PC - Ap - WLC (campus) - anchor WLC (DMZ) - www
Fact leap web session and the user will be redirected to the authentication web page?
Thx a lot indeed.
Ken
The Ambassador Hall may specify the time during which the comments user accounts remain active. Once the deadline is passed, the guest user accounts expire automatically.
For the more detailed description the following guide to manage the accounts of user may help you
http://www.Cisco.com/en/us/docs/wireless/controller/5.0/Configuration/Guide/c5users.html#wp1048408
-
Active Directory users are authenticated web-auth (web-auth has only LOCAL users)
Hello
I have a model WLC 4404 with software version 4.2.205.0.
I have 2 SSID: Wireless and invited
-Wireless: using [WPA + WPA2] [Auth (802. 1 X)]
-Guests: use Web-AuthIn the guests of SSID (WLAN-> Edit > AAA security servers I have not all enable server - option there is NOT and not activated-).
I do not understand that the request for authentication is attempted ONLY locally to the WLC but not in the ACS (ACS has been configured in security-> RADIUS-> authentication).
When a user authentication Web Page inserts user and password of SSID wireless (users who need to be authenticated in Active Directory via ACS) it is authenticated.
I need to change this behavior.
There are a few options depending on what you are using the code.
6.0 and higher, there is an option in the WLAN directly, select only LOCAL.
5.2 below, under Radius authentication servers, uncheck the box for the user of the network. This check box allows the WLC to use the servers in the world, which means that if it is not precisely defined under the WLAN, it can / will still be used
-
WLAN controlled WEB AUTH, what is the session re-checked after initial authentication?
I intend to use the Web (with external server) on controller Cisco WLAN authentication.
Unfortunately, I have none not one with which I can experiment and impossible to find the following information in the documentation.
Once a user authenticates successfully the first time, when authentication is performed again?
Is - this periodical? Or maybe specified in the message of acceptance of access?
Thanks for your help.
I do not think that something is done in the background / transparant when the session timeout occurs.
If RADIUS sends you a Timeout for the Session of 30 minutes, then 30 minutes the WLC puts the client in a State of Web Auth required yet. In which case, they will have to open the Internet browser and send the credentials again (manual process).
The session timeout is a hard-stop to force re-authentication...
The access-request/access-accept (as I know) is only for full authentication.
-
ISE web auth for other than cisco switch (D-link 3528)
Is it possible to use ISE (posture inline node) to redirect to portal comments ISE wired users?
And wired users will get full network access after they pass the web auth.
Hello
Theoretically, it could work if the switch is able to send all the attributes in accounting packets, such as IP address and mac address by asking the station id. If the attributes are missing or incorrect, the iPEP ISE will never create the session (see show pep session table).
That said, who probably never have been tested, so you may want to reconsider your design, there is no guarantee that this can still work.
-
Registration of ISE1.2 MAC after LDAP web-auth
Faced with a situation where we just do a simple one time registration of the MAC address after a person authenticates successfully web-auth using LDAP.
It is very similar to guest authentication, but I do not know how to customize the other portal for this group of users, so I do not affect the current Portal of comments. Is there a better way?
I am considering the following sequence:
1. the user trying to connect wireless for the first time and is redirected to a web page to enter the LDAP credentials
2. the user authenticates successfully credentials and ISE adds MAC address of a group of endpoint of the ENDPOINT "VALID."
3. the next time that the user tries to access wireless, they are connected flawlessly, but what happens is ISE sees their MAC in the group "Endpoint INVALID" and MAB of them on the network.
It looks a lot like the configuration of the portal comments, but I don't know how tell you him to register the MAC with a group of endpoint.
Thanks in advance,
Mike
You can save the device via the device with mac address registration portal and it will be added to the endpoint group "registereddevice".
-
Hi guys,.
I'm having some problems with getting the web-auth redirection to work properly.
Basically, I set up an SSID with authentication of layer 3 and the customer's IP via DHCP, the DHCP server is configured on a win 2008 Server (192.168.10.18).
After the client connects to the network wirelessly with web authentication, it got a valid IP address, can I open a web browser and access www.google.com, then it does not redirect me to the authentication web page requesting my credentials.
I did an "ipconfig/all" on the client and found that I have the correct gateway and the DNS server IP address is 192.168.10.18, on the DNS server, I also have an entry called 'wlc2112' that is pointing to the IP of an another 2112 WLC with 1.1.1.1. If I type "http:wlc2112" in the browser, then I can get redirected to the correct web auth page with https://wlc2125.wirelessdomain.local/login.html?redirect=wlc2112 in the url and ask for credentials. the wlc2125 is another entry that I configured in the DNS as well, it is also the WLC I configured the SSID for web authentication.
If I type the IP address of the WLC in the url I also redirected to the web page of auth.
It seems to me that if we type something which cannot be resolved by the DNS (192.168.10.18) server, then the redirect page falls down, so I just want to ask if it is a behavior expected or there is something I have to do with the configuration? I think I missed something here, as in the example of config on the Cisco Web site, he used google.com as an example and GraphiqueP correctly.
any comments would be much appreciated, thanks in advance for your time and your help.
Andy,
This is the expected behavior. If the URL cannot be resolved, the WLC won't start screen. The DNS query is mandated by the WLC, and if it does not get a valid line, you see what you see.
See you soon,.
Steve--
If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.
-
Short WAT Kapov - error with the client for a Web site certificate
Hello
I'm new to the WAT of short component and I try something.
Whenever I enter any website URL, it throws this error indicated in the screenshot.
I read WAT usage guide that says to add the SSL Web site certificate in the folder ' certificates/server '. I still get the same error.
Any help would be appreciated.
Thank you
If you need a proxy server and you have not defined a, try to set a proxy server.
-
How can I remove a web site certificate?
I received the message "get me outta here" and said that I trusted to the site, only to realize later that I mistyped the URL. I want to remove the certificate from the Web site, but I can't figure out how.
There are already a help section on the certificate Certificate Manager Manager, but it is not written for the current version of Mozilla, so I can't understand how get you to the Certificate Manager.
Any guidance would be appreciated.
Go to the site, click the identity button of the Site at the far left of the URL bar, on the Security tab in the Page Info window now open, click view certificate. General and details tab must be sufficient information to locate the certificate used by the site.
- The site identity button:
If this answer solved your problem, please click 'Solved It' next to this response when connected to the forum.
You can delete old Java Console extensions you have installed. You have an older version 6.0.21, 6.0.23, 6.0.22, 6.0.24
Remove them by following these instructions: http://kb.mozillazine.org/Java#Multiple_Java_Console_extensions - The site identity button:
-
BTHOMEHUB. HOME WEB SITE CERTIFICATE
When you try to set up my BT Home Hub via bthomehub.home, I'm in there is a problem with the certificate on this Web site. If I continue (or use http rather than https) im advised not but everything works ok. No reason and no idea how to solve this problem? Thank you.
This is not really a Web site, they are actually stored on the home itself hub (not that is not on the World Wide Web). The certificate it uses when you access the site using HTTPS is that issued by itself to itself, that is why he does not trust. Since there is no real reason to secure the connection between your computer and the hub, you can also just use http://bthomehub.home to access. I always use http://192.168.1.254.
Maybe you are looking for
-
External audio device for Tecra A11 - 11H
Although the Tecra A11 - 11 sound better than most laptops, I would definitely come back to the full sound quality.Without any audio output the possibilities seem very limited.USB speakers seem to be either very low powered or high-powered, expensive
-
Satellite A305-S6852 - connection Bluetooth for Samsung D900i problem
Hi guys! I have laptop Toshiba A305-S6852 and I have some problems with my Bluetooth.I can't use it. When I followed this path Start-Toshiba-bluetooth-bluetooth settings, something happens to my screen that install the Bluetooth driver... Please wait
-
Portege R400-600 - installed some SW and everything has stopped working...
Hello: I installed a few SW and: 1. the menu that appears at the top of the screen when you press the Fn key with something arrested appear. 2. the blue icon on the front of the machine that displays the status of the WLAN has stopped working, althou
-
When the computor screen projector turns black after hitting fn F8 and screen projector flashes
When you use a projector my computor screen turns black after hitting the fn F8 and screen projector flashes in and out, how to fix?
-
Eyperlink on Excel with Vista gives error cancelled operation
When I try to open a hyperlink in Excel, I get a message that says, "this operation has been cancelled due to restrictions in effect on this computer". What could be the problem? I am the administrator, then, what can I do? Thank you. Tracy