Information About Web Authentication Certificates
The operating system of the controller automatically generates a fully functional web authentication certificate, so you do not need to do anything in order to use certificates with Layer 3 web authentication. However, if desired, you can prompt the operating system to generate a new web authentication certificate, or you can download an externally generated SSL certificate.
SHA2 certificates are supported starting with the 7.0.250.0 and 7.3.101.0 releases (but not in the 7.2.x releases).
Note: For web UI access using a TACACS+ server, a custom method list for authentication and authorization that points to the TACACS+ server group does not work. Use the default authorization method list pointing to the same TACACS+ server group for the web UI to work.
Support for Chained Certificate
Cisco WLC allows the device certificate to be downloaded as a chained certificate (up to a level of 2) for web authentication. Wildcard certificates are also supported. For more information about chained certificates, see the Generate CSR for Third-Party Certificates and Download Chained Certificates to the WLC document at http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html.
Note: When installing a certificate for web authentication in Release 7.6, the certificate load fails due to a Missing Root CA cert error. Download a chained certificate that includes the intermediate Certificate Authority (CA) and root CA certificates, and install it on the Cisco WLC.
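A pre-download check for the chained-certificate requirement above, as an added example that is not part of the original Cisco documentation: it uses the OpenSSL CLI to confirm that a PEM bundle carries every CA up to a self-signed root. The bundle order (device certificate, intermediate CA, root CA), the function names, the file names and the constructed test certificates are assumptions of this example.

```shell
#!/bin/sh
# Added example. Assumed bundle order: device cert, intermediate CA, root CA.

# check_chain BUNDLE -> 0 if the first certificate chains to a self-signed
# root that is the last certificate in the bundle, 1 if not, 2 if empty.
check_chain() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    # Split the bundle into cert-1.pem, cert-2.pem, ... and count the blocks.
    count=$(awk -v d="$tmp" '/BEGIN CERTIFICATE/ {n++}
        n {print > (d "/cert-" n ".pem")} END {print n+0}' "$bundle")
    if [ "$count" -eq 0 ]; then rm -rf "$tmp"; return 2; fi
    # Trust only the last certificate; offer the rest as untrusted helpers.
    # Without a self-signed root in last position, verification fails.
    openssl verify -CAfile "$tmp/cert-$count.pem" -untrusted "$bundle" \
        "$tmp/cert-1.pem" >/dev/null 2>&1 && rc=0 || rc=1
    rm -rf "$tmp"
    return $rc
}

# Constructed sample PKI (hypothetical names): root -> intermediate -> device.
make_constructed_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=Constructed Intermediate CA" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=wlc.example.test" \
        -keyout "$d/dev.key" -out "$d/dev.csr" 2>/dev/null
    openssl x509 -req -in "$d/dev.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/dev.pem" 2>/dev/null
}

work=$(mktemp -d)
make_constructed_chain "$work"
cat "$work/dev.pem" "$work/int.pem" "$work/root.pem" > "$work/full.pem"
cat "$work/dev.pem" "$work/int.pem" > "$work/noroot.pem"   # root CA left out
for b in full noroot; do
    if check_chain "$work/$b.pem"; then echo "$b.pem: chain complete"
    else echo "$b.pem: chain incomplete (missing or misordered CA)"; fi
done
```

The check covers chain completeness only; it does not confirm that the private key matches the device certificate.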