Angeal


Untrusted Certificate for Cisco 2504 WLAN connections using 2003 Radius server

Hi Experts,

I've recently deployed a Cisco 2504 WLAN controller with 2 AIR-CAP2602I-A-K9 wireless APs authenticating with a RADIUS server (IAS Server 2003).

Everything is working normally. The only downside is that when users authenticate using a mobile device, they are notified that the certificate is untrusted.

Is there a workaround? Can I configure the Wireless controller or RADIUS server to not validate the cert?

Please help.

Thanks,

A.
ieden

Yep, 3rd Party Cert is the way to go with Mobile devices unless you are using a local "AnyConnect" type of account on the VPN. Then an internal self-signed cert will work fine.
Angeal

ASKER

Thanks for all the feedback everyone.

Our company purchased a signed wildcard cert from GoDaddy a few months ago. Do any of you know if this cert would be compatible with the 2504 WLC?

Cheers,

A.
Angeal

ASKER

Hi Craigbeck,

From your post it looks like there are 3 ways to use a certificate for the WLC:

1. Web administration of the WLC
2. The web authentication page
3. Local EAP (PEAP and EAP-TLS)

Which is the one that is used by wireless devices to "trust" the connection? And where should it be uploaded on the 2504?

I've found 2 places to upload a cert on the 2504 web admin page.
1. Security > Web Auth > Certificate (Keep in mind our WLANs aren't using a Layer 3 Web Policy)
2. Management > HTTP-HTTPS

I'm using a local cert for the PEAP encryption on the IAS RADIUS server.

Thanks for your help... and sorry for the n00b questions.

Cheers,

A.
You don't need to upload a certificate to the WLC if you're using the 2003 server for RADIUS.

You'll only need a cert on the WLC if you're using it as a RADIUS server. In this case, you're not.
Angeal

ASKER

Now I'm confused. How do I resolve my issue then? How do I prevent devices that are connecting from getting the "Untrusted Certificate" notification when they connect?
Angeal

ASKER

Thanks for everyone's input. I had to add a trusted cert to the RADIUS server.

A.