Occasional Contributor II

Cisco WLC web-auth and ClearPass Guest

I've run into the common issue that the Cisco WLC web-auth by default uses a self-signed cert for https. While I understand that I could A) install a public CA cert, or B) change to http for web-auth, I've run into the issue that both of these options require rebooting the WLC.

At this point I'm going to be forced to wait several weeks for a scheduled downtime to make this change.

Any chance there's some way around this that I'm missing? Is there any configuration that would negate the need to display the https/http page from the WLC virtual interface in the user's browser?

Aruba Employee

Re: Cisco WLC web-auth and ClearPass Guest

Every vendor seems to use a slightly different method for intercepting and redirecting to captive portals. Unfortunately, I've not found a way to keep the Cisco WLC from using its certificate as part of that redirect. Part of this is due to the authentication trigger, where the client posts back to the WLC to generate the authentication process. That will typically use/require https, again invoking the WLC's certificate to process.

Charlie Clemmer
Aruba Customer Engineering

Re: Cisco WLC web-auth and ClearPass Guest

If you use server-initiated instead of controller-initiated on CPPM, I believe you get around this as long as you have a valid cert on CPPM.

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACCA
[If you found my post helpful, please give kudos!]
Occasional Contributor II

Re: Cisco WLC web-auth and ClearPass Guest

I do have a valid cert on CPPM; that part is working well. How do I move to server-initiated instead of controller-initiated?

Thanks!
