Cisco WLC Installing a 3rd Party SSL Certificate for Guest Access
please follow see the link...
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml
An important thing to have in mind is to add DNS Host Name in the controller Virtual interface so it matches the certificate host.
A DNS entry resolving 1.1.1.1 to Host Name on Virtual Interface
example ip addres 1.1.1.1
DNS Host Name wlc.yourdomain.com
Particularly this DNS host change gave me a lot of problems with my DNS team. but finally they end up adding this to the DNS server facing the internet. and adding A record. everything works as expected, the only issue i found, GeoTrust is not supported on Firefox only works on IE7 and Google Chrome. there is a solution on the Geotrust site, but not yet implemented. working on it...
Note from Cisco doc.
"Note: It is important that you provide the correct Common Name. Ensure that the host name that is used to create the certificate (Common Name) matches the Domain Name System (DNS) host name entry for the virtual interface IP on the WLC and that the name exists in the DNS as well. Also, after you make the change to the VIP interface, you must reboot the system in order for this change to take effect."
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080a38c11.shtml
please follow see the link...
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml
An important thing to have in mind is to add DNS Host Name in the controller Virtual interface so it matches the certificate host.
A DNS entry resolving 1.1.1.1 to Host Name on Virtual Interface
example ip addres 1.1.1.1
DNS Host Name wlc.yourdomain.com
Particularly this DNS host change gave me a lot of problems with my DNS team. but finally they end up adding this to the DNS server facing the internet. and adding A record. everything works as expected, the only issue i found, GeoTrust is not supported on Firefox only works on IE7 and Google Chrome. there is a solution on the Geotrust site, but not yet implemented. working on it...
Note from Cisco doc.
"Note: It is important that you provide the correct Common Name. Ensure that the host name that is used to create the certificate (Common Name) matches the Domain Name System (DNS) host name entry for the virtual interface IP on the WLC and that the name exists in the DNS as well. Also, after you make the change to the VIP interface, you must reboot the system in order for this change to take effect."
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml
No comments:
Post a Comment