Web Auth Certificate .PEM format

Hello,
I'm trying to put a web auth certificate on my controller and am unable to do so. When I click the 'Help' button on the controller, it says the certificate needs to be in .PEM format. The certificate I have is just in .txt format, how do I convert it to .pem? Any thoughts or ideas would be appreciated.

Here is the link from Cisco.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
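
Added example, not part of the original post: PEM is the certificate's DER bytes, base64-encoded between `-----BEGIN ...-----` and `-----END ...-----` lines, so a certificate delivered as a `.txt` file may already be PEM, bare base64, or binary DER. The sketch below detects which of the three a file is and normalizes it to PEM; the function names are hypothetical and `SAMPLE_DER` is constructed placeholder data, not a real certificate.

```python
import base64
import binascii
import re

# One PEM block: BEGIN/END armor lines with the same label around a base64 body.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

# Constructed sample: a DER SEQUENCE header (tag 0x30, two-byte length 0x0100)
# followed by 256 zero bytes. It is NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)


def looks_like_der(data):
    """True if data is one DER SEQUENCE whose length field spans the whole input."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short form: the byte is the length
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)


def armor(der, label="CERTIFICATE"):
    """Wrap DER bytes in PEM armor with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def _decode(body):
    """Strictly base64-decode a body (whitespace ignored) and require DER inside."""
    try:
        der = base64.b64decode(b"".join(body.split()), validate=True)
    except binascii.Error:
        raise ValueError("body is not valid base64") from None
    if not looks_like_der(der):
        raise ValueError("decoded bytes are not a single DER structure")
    return der


def to_pem(data, label="CERTIFICATE"):
    """Return (detected_format, pem_text) for PEM, bare base64 or DER input bytes."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        # Already PEM: re-emit each block with clean line endings and wrapping.
        pem = "".join(armor(_decode(body), lbl.decode("ascii")) for lbl, body in blocks)
        return "pem", pem
    try:
        # Base64 text with the BEGIN/END lines missing.
        return "base64", armor(_decode(data), label)
    except ValueError:
        pass
    if looks_like_der(data):
        return "der", armor(data, label)
    raise ValueError("input is not PEM, bare base64 or DER")


if __name__ == "__main__":
    fmt, pem = to_pem(SAMPLE_DER)
    print(fmt)
    print(pem)
```

Blocks that carry RFC 1421 header lines inside the armor (for example a traditionally encrypted private key) are rejected rather than rewritten.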

Similar Messages

  • Urgent - NAC+ACS+Web-Auth in Wired environment - https redirection - Certificate Issue

    Hi everyone.
    I'm setting up an environment which uses Web-Auth for my wired and wireless networks. I have followed the exact same steps in this Cisco page to get it working:
    http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/app_note_c27-577490.html
    I'm only testing the wired environment right now.
    I plug a PC to a port, and I try to get access to a random internet page (for example www.cisco.com). It is automatically redirected to authentication page. I type the username and password, but, when authentication passes, it goes automatically to https version of the page, which brings me to the problem. I have to add an exception (continue on this webpage option on IE) to that page in order to continue with the authentication and get the access to the internet. I'm attaching the steps I have to perform:
    I think it is related to Certificate, but I'm not quite sure which or where. I'd like to have some advice from you to avoid this problem. I'm not planning to buy any certificates, so if I could skip the https would be great.
    Thanks a bunch for your help
    Victor Alves

    You need a certificate that your client will trust.
    Easy way is to buy one from an official source. All PC browsers have a list of the major cert vendors so that's automatically trusted.
    You could issue the certificate yourself also, for free :
    -Self signed : the signing authority is the switch ... That means you need all your PCs to trust all your switches. Manual operation ...
    -You create an enterprise CA and create a certificate for all your switches : you just need your clients to trust your enterprise CA so that's still a manual task but a simpler one.
    When laptops are integrated in a domain, it's usually easier to create your CA on windows server and push the certificates to the clients automatically

  • Guest WLAN and Web Auth?

    Hi Guys,
    Maybe someone can help me out?
    I just finished setting up a trial "Cisco Virtual Wireless Controller" with nearly the same configuration as our Physical "Cisco Wireless Controller" with the exception of having 2 ports.  Anyhow, I managed to get everything working except for the WEB AUTH on the Guest WLAN.  When a client connects, he gets a DHCP address from our ASA but when we try to get to a website, we never reach the WEB AUTH page.
    What I tried so far is..
    - add a DNS Host Name to the virtual interface and assign it to our internal DNS server: dns name was resolving but we were unable to ping 1.1.1.1
    - changed the virtual ip from 1.1.1.1 to 2.2.2.2 and modified the DNS entry: dns name resolved but still could not ping 2.2.2.2 (I think this is normal)
    - changed the virtual IP to a private address of 192.168.102.1 and modified the dns entry: same result
    I've attached some screenshots of our configuration.

    Troubleshooting Web Authentication

    After you configure web authentication, if the feature does not work as expected, complete these troubleshooting steps:

    1. Check if the client gets an IP address. If not, users can uncheck DHCP Required on the WLAN and give the wireless client a static IP address. This assumes association with the access point. Refer to the IP addressing issues section of Troubleshooting Client Issues in the Cisco Unified Wireless Network for troubleshooting DHCP related issues.

    On WLC versions earlier than 3.2.150.10, you must manually enter https://1.1.1.1/login.html in order to navigate to the web authentication window.

    2. The next step in the process is DNS resolution of the URL in the web browser. When a WLAN client connects to a WLAN configured for web authentication, the client obtains an IP address from the DHCP server. The user opens a web browser and enters a website address. The client then performs the DNS resolution to obtain the IP address of the website. Now, when the client tries to reach the website, the WLC intercepts the HTTP Get session of the client and redirects the user to the web authentication login page.

    3. Therefore, ensure that the client is able to perform DNS resolution for the redirection to work. On Windows, choose Start > Run, enter CMD in order to open a command window, and do a "nslookup www.cisco.com" and see if the IP address comes back.
    On Macs/Linux: open a terminal window and do a "nslookup www.cisco.com" and see if the IP address comes back.
    If you believe the client is not getting DNS resolution, you can either:
    - Enter either the IP address of the URL (for example, http://www.cisco.com is http://198.133.219.25)
    - Try to directly reach the controller's webauth page with https:///login.html. Typically this is http://1.1.1.1/login.html.
    Does entering this URL bring up the web page? If yes, it is most likely a DNS problem. It might also be a certificate problem. The controller, by default, uses a self-signed certificate and most web browsers warn against using them.

    4. For web authentication using customized web page, ensure that the HTML code for the customized web page is appropriate.
    You can download a sample Web Authentication script from Cisco Software Downloads. For example, for the 4400 controllers, choose Products > Wireless > Wireless LAN Controller > Standalone Controllers > Cisco 4400 Series Wireless LAN Controllers > Cisco 4404 Wireless LAN Controller > Software on Chassis > Wireless Lan Controller Web Authentication Bundle-1.0.1 and download the webauth_bundle.zip file.
    These parameters are added to the URL when the user's Internet browser is redirected to the customized login page:
    - ap_mac: The MAC address of the access point to which the wireless user is associated.
    - switch_url: The URL of the controller to which the user credentials should be posted.
    - redirect: The URL to which the user is redirected after authentication is successful.
    - statusCode: The status code returned from the controller's web authentication server.
    - wlan: The WLAN SSID to which the wireless user is associated.
    These are the available status codes:
    - Status Code 1: "You are already logged in. No further action is required on your part."
    - Status Code 2: "You are not configured to authenticate against web portal. No further action is required on your part."
    - Status Code 3: "The username specified cannot be used at this time. Perhaps the username is already logged into the system?"
    - Status Code 4: "You have been excluded."
    - Status Code 5: "The User Name and Password combination you have entered is invalid. Please try again."

    5. All the files and pictures that need to appear on the Customized web page should be bundled into a .tar file before uploading to the WLC. Ensure that one of the files included in the tar bundle is login.html. You receive this error message if you do not include the login.html file:
    Refer to the Guidelines for Customized Web Authentication section of Wireless LAN Controller Web Authentication Configuration Example for more information on how to create a customized web authentication window.
    Note: Files that are large and files that have long names will result in an extraction error. It is recommended that pictures are in .jpg format.

    6. Internet Explorer 6.0 SP1 or later is the browser recommended for the use of web authentication. Other browsers may or may not work.

    7. Ensure that the Scripting option is not blocked on the client browser as the customized web page on the WLC is basically an HTML script. On IE 6.0, this is disabled by default for security purposes.
    Note: The Pop Up blocker needs to be disabled on the browser if you have configured any Pop Up messages for the user.
    Note: If you browse to an https site, redirection does not work. Refer to Cisco bug ID CSCar04580 (registered customers only) for more information.

    8. If you have a host name configured for the virtual interface of the WLC, make sure that the DNS resolution is available for the host name of the virtual interface.
    Note: Navigate to the Controller > Interfaces menu from the WLC GUI in order to assign a DNS hostname to the virtual interface.

    9. Sometimes the firewall installed on the client computer blocks the web authentication login page. Disable the firewall before you try to access the login page. The firewall can be enabled again once the web authentication is completed.

    10. Topology/solution firewall can be placed between the client and web-auth server, which depends on the network. As for each network design/solution implemented, the end user should make sure these ports are allowed on the network firewall.

    Protocol                                        Port
    HTTP/HTTPS Traffic                              TCP port 80/443
    CAPWAP Data/Control Traffic                     UDP port 5247/5246
    LWAPP Data/Control Traffic (before rel 5.0)     UDP port 12222/12223
    EOIP packets                                    IP protocol 97
    Mobility                                        UDP port 16666 (non secured), UDP port 16667 (secured IPSEC tunnel)

    11. For web authentication to occur, the client should first associate to the appropriate WLAN on the WLC. Navigate to the Monitor > Clients menu on the WLC GUI in order to see if the client is associated to the WLC. Check if the client has a valid IP address.

    12. Disable the Proxy Settings on the client browser until web authentication is completed.

    13. The default web authentication method is PAP. Ensure that PAP authentication is allowed on the RADIUS server for this to work. In order to check the status of client authentication, check the debugs and log messages from the RADIUS server. You can use the debug aaa all command on the WLC to view the debugs from the RADIUS server.

    14. Update the hardware driver on the computer to the latest code from manufacturer's website.

    15. Verify settings in the supplicant (program on laptop).

    16. When you use the Windows Zero Config supplicant built into Windows:
    - Verify user has latest patches installed.
    - Run debugs on supplicant.

    17. On the client, turn on the EAPOL (WPA+WPA2) and RASTLS logs from a command window, Start > Run > CMD:
        netsh ras set tracing eapol enable
        netsh ras set tracing rastls enable
    In order to disable the logs, run the same command but replace enable with disable. For XP, all logs will be located in C:\Windows\tracing.

    18. If you still have no login web page, collect and analyze this output from a single client:
        debug client
        debug dhcp message enable
        debug aaa all enable
        debug dot1x aaa enable
        debug mobility handoff enable

    If the issue is not resolved after you complete these steps, collect these debugs and use the TAC Service Request Tool (registered customers only) in order to open a Service Request.
        debug pm ssh-appgw enable
        debug pm ssh-tcp enable
        debug pm rules enable
        debug emweb server enable
        debug pm ssh-engine enable packet

  • WiSM 7.0.116 Web-Auth Fail & GUI Management Fail

    Dears,
    I find two log:
    *spamReceiveTask: Jul 28 08:38:28.078: %LWAPP-3-RADIUS_ERR: spam_radius.c:137 Could not send join reply, AP authorization failed; AP:00:14:69:3b:ee:20
    *emWeb: Jul 28 08:38:17.314: %PEM-1-WEBAUTHFAIL: pem_api.c:4990 Web authentication failure for station 00:25:d3:9a:cb:da
    Then, Wireless Client cannot access web-auth page, and I cannot access the controller management GUI.
    When the first Radius Fail, It happened!!!
    I don't know why happen it @@"
    Device:
    WiSM
    7.0.196

    - Model of AP?
    - Console log of this AP as it boots up?
    - From WLC CLI, send "show network summary"
    - From WLC GUI, send snapshot of
    Management > HTTP-HTTPS
    Security > WebAuth > Certificate
    Controller > Interfaces
    - Did you try adding the mac address of AP 00:14:69:3b:ee:20 in the AP authorization list OR under mac filtering
    - On WLC GUI, capture a snapshot of Security > AP Policies
    Then under same tab, click on Add > enter mac address of AP 00:14:69:3b:ee:20 > enter certificate type MIC
    and see if this AP can join

  • How to install PEM-format SSL private key from weblogic to NES

    I have unexpired PEM-format certificates in my weblogic 8.1sp4 domain. Since the architecture requires us to use Iplanet 6.0sp2 as the http/https server, we have to move the certificates to iplanet side. Is that possible ? Especially the private key ? Iplanet has key8.db format files. How do I install a PEM key in iplanet and store it in key3.db file ? Thanks !

    Hi
    I've already found code to answer my second question, but my first question still remains: is there a way that I can change an Encrypted Private Key Info from PEM to DER format??? I tried to delete the header and footer of some key in PEM format and Base64 decode the body, but it launches an Exception when I'm trying to create the EncryptedPrivateKeyInfo object.
    Thank you

  • WLC 5508, 7.4.100.0, dot1x and web auth

    Release notes for 7.4.100.0 states;
    "Security during client authentication is enhanced by applying both 802.1X and Web Authentication for a WLAN."
    Anybody know anything about this and how-to's?
    Eirik

    I know what it is. :-)
    Want to test to use web auth after dot1x. Do not trust dot1x alone anymore, now that it is so easy to steal certificates from laptops...
    Would like to force users (after eap-tls with certificate) to logon using their AD cred.
    Eirik

  • Web Auth Re-Authentication Problem

    2500 series controller.  1140  APs.
    I have set my idle and session timeout to both be 57600 (16 hours) yet we have users getting re-prompted for web auth every few hours.
    Please advise.
    (Cisco Controller) >
    (Cisco Controller) >*pemReceiveTask: May 02 18:28:02.826: 60:fa:cd:a8:9c:8e Sent an XID frame
    *apfReceiveTask: May 02 18:33:01.538: 60:fa:cd:a8:9c:8e 172.16.60.15 WEBAUTH_REQD (8) Web-Auth Policy timeout
    *apfReceiveTask: May 02 18:33:01.538: 60:fa:cd:a8:9c:8e 172.16.60.15 WEBAUTH_REQD (8) Pem timed out, Try to delete client in 10 secs.
    *apfReceiveTask: May 02 18:33:01.538: 60:fa:cd:a8:9c:8e Scheduling deletion of Mobile Station:  (callerId: 12) in 10 seconds
    *osapiBsnTimer: May 02 18:33:11.538: 60:fa:cd:a8:9c:8e apfMsExpireCallback (apf_ms.c:589) Expiring Mobile!
    *apfReceiveTask: May 02 18:33:11.538: 60:fa:cd:a8:9c:8e apfMsExpireMobileStation (apf_ms.c:5584) Changing state for mobile 60:fa:cd:a8:9c:8e on AP 3c:ce:73:49:7f:30 from Associated to Disassociated
    *apfReceiveTask: May 02 18:33:11.538: 60:fa:cd:a8:9c:8e Scheduling deletion of Mobile Station:  (callerId: 45) in 10 seconds
    *osapiBsnTimer: May 02 18:33:21.538: 60:fa:cd:a8:9c:8e apfMsExpireCallback (apf_ms.c:589) Expiring Mobile!
    *apfReceiveTask: May 02 18:33:21.538: 60:fa:cd:a8:9c:8e Sent Deauthenticate to mobile on BSSID 3c:ce:73:49:7f:30 slot 0(caller apf_ms.c:5678)
    *apfReceiveTask: May 02 18:33:21.538: 60:fa:cd:a8:9c:8e apfMsAssoStateDec
    *apfReceiveTask: May 02 18:33:21.538: 60:fa:cd:a8:9c:8e apfMsExpireMobileStation (apf_ms.c:5716) Changing state for mobile 60:fa:cd:a8:9c:8e on AP 3c:ce:73:49:7f:30 from Disassociated to Idle
    *apfReceiveTask: May 02 18:33:21.538: 60:fa:cd:a8:9c:8e pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
    *apfReceiveTask: May 02 18:33:21.538: 60:fa:cd:a8:9c:8e 172.16.60.15 WEBAUTH_REQD (8) Deleted mobile LWAPP rule on AP [3c:ce:73:49:7f:30]
    *apfReceiveTask: May 02 18:33:21.538: 60:fa:cd:a8:9c:8e apfMs1xStateDec
    *apfReceiveTask: May 02 18:33:21.538: 60:fa:cd:a8:9c:8e Deleting mobile on AP 3c:ce:73:49:7f:30(0)
    *pemReceiveTask: May 02 18:33:21.540: 60:fa:cd:a8:9c:8e 172.16.60.15 Removed NPU entry.

    It's happening with multiple types of devices.  Apple laptops, iPhones, Windows Mobile Phones, etc.  A user will connect to the wireless and accept the agreement on the web auth page.  A few hours later, she will try to surf the web again and be re-prompted with the page to authenticate.  We do not want this.  We only want this page to come up every 16 hours.

  • Web Auth FAIL on guest wlan

    We have a 2100 Wlan controller set up with multiple wlans.
    We are having problems on the Guest VLAN in that every time a user tries to authenticate via Web Auth, they fail and are redirected to the username/password page.
    Local accounts have been added and the WLAN has been set up to use web auth but each time a user tries to authenticate the following message is in the log:-
    NOV 21 09:47:21.852 pem_api.c:4513 PEM-1-WEBAUTHFAIL : Web Authentication Failure for station aa:bb:cc:dd:ee:ff
    If the box is rebooted it works for around an hour, then begins to fail again.
    Any ideas?

    Here is the configuration guide for web authentication on the WLC, with an example; it may help you with troubleshooting and configuration:
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml

  • How to generate CSR on switches for web auth with NGS

    Hello
    I am doing a dot1x solution with web auth on cisco 3750 switches.
    Once the wired client gets put into web auth state (after dot1x and mab) and goes to a website, he gets a certificate warning. This is because the certificate of the cisco switch is self-signed.
    I want to use a verisign certificate to solve this error, but I cannot find a way to generate a CSR on a switch. I only found a guide how to request a certificate from a CA on the local network, but this is also not a solution, because the clients using the web auth, will not know the internal CA.
    Is there any way to solve this?
    Greetings
    Steven

    Hi Steven,
    The below document is actually for IOS SSLVPN, but the certificate portion should be the same:
    http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/white_paper_c07-372106_ps6657_Products_White_Paper.html
    Search for "Appendix B" and it goes into creating a trustpoint and then one section is for self-signed and another is for generating a certificate request to send to an external CA.
    Once a trustpoint is created the command to actually generate the CSR is "crypto pki enroll ".
    This document goes into a little more detail on all the individual commands and what they do:
    http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_cert_enroll_pki.html
    Also you could use something external to the switch like OpenSSL to generate the CSR/private key and then use that to request a cert from your Verisign CA and then import the cert/keypair into the IOS device.
    Thanks,
    Nate

  • Customized Web-Auth Bundle

    Hi
    I am trying to upload a customized web-auth bundle to a WLC 5508 and having some issues.
    I have downloaded the web-auth bundle from Cisco and used this as a template to create the web pages.
    I seem to recall that there is only a couple of Windows tools that you can use to TAR the file such as TUGZIP and IZARC. Anyway I have tried both and I still cannot get the file to extract. I have tried to strip the file out so that I only send up the login.html page and even this does not work.
    I am using a software release 7.0.220.0
    The error message I receive when I do a TFTP is
    Error extracting webauth files.
    Any help would be appreciated
    Thanks
    Greg

    Hi Greg:
    I hope you find the answer here:
    You can compress the page and image files used for displaying a web authentication login page into a .tar file for download to a controller. These files are known as the webauth bundle. The maximum allowed size of the files in their uncompressed state is 1 MB. When the .tar file is downloaded from a local TFTP server, it enters the controller's file system as an untarred file.
    Note If you load a webauth bundle with a .tar compression application that is not GNU compliant, the controller cannot extract the files in the bundle and the following error messages appear: "Extracting error" and "TFTP transfer failed." Therefore, we recommend that you use an application that complies with GNU standards, such as PicoZip, to compress the .tar file for the webauth bundle.
    Reference: http://tiny.cc/rbqbfw
    So double check the size and tarring utility.
    Try to use WinRar or 7Zip if the tarring format is the issue.
    HTH
    Amjad
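
Added example, not part of the thread or of Cisco's tooling: a pre-upload check for the constraints quoted above and in the troubleshooting guide earlier on this page (a `login.html` file must be present, at most 1 MB uncompressed, GNU-compliant tar, no long names). Treating "GNU compliant" as the GNU tar header magic, "1 MB" as 1024*1024 bytes and "long" as more than 100 bytes are assumptions, as are the function names and the constructed sample files.

```python
import io
import posixpath
import tarfile

MAX_UNPACKED = 1024 * 1024  # "1 MB" from the post; a binary megabyte is assumed
GNU_MAGIC = b"ustar  \x00"  # magic/version bytes at offset 257 of a GNU tar header
NAME_FIELD = 100            # bytes in the name field of a classic tar header

# Constructed sample content for the demonstration.
SAMPLE_FILES = {
    "login.html": b"<html><body><form method='post'></form></body></html>",
    "logo.jpg": bytes(2048),
}


def build_bundle(files, fmt=tarfile.GNU_FORMAT):
    """Pack {name: bytes} into an uncompressed tar archive held in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=fmt) as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def check_bundle(blob):
    """Return a list of problems found in a webauth bundle; empty means none."""
    try:
        # "r:" refuses compressed input, so a .tar.gz is reported as unreadable.
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:") as tar:
            members = tar.getmembers()
    except tarfile.TarError as exc:
        return [f"not readable as a plain .tar archive: {exc}"]

    problems = []
    if blob[257:265] != GNU_MAGIC:
        problems.append("header is not GNU tar format")

    files = [m for m in members if m.isfile()]
    # normpath turns "./login.html" into "login.html"; a top-level file is assumed.
    names = {posixpath.normpath(m.name) for m in files}
    if "login.html" not in names:
        problems.append("login.html is missing")

    total = sum(m.size for m in files)
    if total > MAX_UNPACKED:
        problems.append(f"uncompressed size {total} exceeds {MAX_UNPACKED} bytes")

    for m in members:
        if len(m.name.encode("utf-8")) > NAME_FIELD:
            problems.append(f"name longer than {NAME_FIELD} bytes: {m.name[:40]}...")
        if not (m.isfile() or m.isdir()):
            problems.append(f"not a regular file or directory: {m.name}")
    return problems


if __name__ == "__main__":
    print(check_bundle(build_bundle(SAMPLE_FILES)))
    print(check_bundle(build_bundle(SAMPLE_FILES, fmt=tarfile.USTAR_FORMAT)))
```

Python's `tarfile` has written pax archives by default since version 3.8, which is why `build_bundle` asks for `GNU_FORMAT` explicitly.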

  • Converting Netscape cert7.db file to PEM format

    Does anyone know of a recommended way to convert a Netscape cert7.db file to PEM format so that clients can connect to the Sun Directory securely over TLS/SSL using, for example, Perl/Net::LDAPS? Net::LDAPS and other client ldap implementations often need to refer to a certificate store in PEM format.
    I figured out how to do this with the old iPlanet Directory 4.16 series,
    but with the new Sun 5.2 series, I'm hitting an interesting wall.
    First, I install my campus CA's cert as well as the server cert (oldsage.berkeley.edu) to be used for TLS/SSL connections...
    %/opt/sunone/lib/nss/bin/certutil -A -n "UCB-CA" -t "CT,," -a -i /home/staff/robreid/ssl-certs/ucb-ca.cer -d /directoryServerPath/alias -P 'slapd-oldsage-'
    %/opt/sunone/lib/nss/bin/certutil -A -n "oldsage.berkeley.edu" -t "u,," -a -i /home/staff/robreid/ssl-certs/oldsage.cer -d /directoryServerPath/alias -P slapd-oldsage-
    I can verify that the certs are installed properly...
    %/opt/sunone/lib/nss/bin/certutil -L -d /directoryServerPath/alias -P slapd-oldsage-
    Certificate Name Trust Attributes
    server-cert u,,
    UCB Issuing Certificate Authority 02 CT,,
    Now, the conversion to PEM is interesting.
    First I have to convert the cert7.db and key3.db files to a PKCS12 format, and this is where the problem begins... (Note, I do strip out the private key(s) as well but I'm not going to document those steps here)
    %/opt/sunone/lib/nss/bin/pk12util -o /home/staff/robreid/ssl-certs/oldsage-alias/oldage.pkcs12.cert2 -n "server-cert" -d /directoryServerPath/alias -P 'slapd-oldsage-'
    Notice that I have to refer to the certificate as 'server-cert' rather than
    'oldsage.berkeley.edu'. This will cause problems after the next steps, where I convert the PKCS12 file to PEM format...
    %/usr/local/openssl/bin/openssl pkcs12 -in /home/staff/robreid/ssl-certs/oldsage-alias/oldage.pkcs12.cert2 -out /home/staff/robreid/ssl-certs/oldsage-alias/oldsage.pem.cert
    %ln -s oldsage.pem.cert `/usr/local/openssl/bin/openssl x509 -hash -noout < oldsage.pem.cert`.0
    And the problem is that the certificate baggage in the PEM file is named
    'server-cert' and not 'oldsage.berkeley.edu', which then causes client to encounter the 'hostname mismatch' error when attempting to verify the certificate as it tries to connect securely to the Directory.
    Does anyone know where I'm going wrong and of a better technique to use?
    Also, does the Sun Directory Proxy Server also use the same Netscape cert7/key3.db system for its certificate database/store?
    Thanks a bunch for any insights,
    Rob Chevalier
    University of California, Berkeley

    Hi,
    The necessary certificates have been sent to me in .cer file format.....can someone fill me in on how to create this database file? I'm currently working in a Win2K environment, in case that is relevant.
    You have several options. The easiest way to create the certificate database is to import the certificate using a Netscape Communicator or Mozilla browser.
    Alternatively, you can use certutil from NSS (http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html)
    to create an empty database:
    certutil -N -d .
    (this creates an empty database in the current directory)
    Next, you will have to add the certificates to the database:
    certutil -A -d . -n <an arbitrary name for your certificate> -t C,, -i <certificate-file>
    Check the above referenced manual for the description of these options.
    Also, chapter 30 of the Directory Server Resource Kit Reference (http://docs.sun.com/source/816-6400-10/pkcsutil.html) has pointers to various tools that can be useful during development.
    I hope this helps.
    Bertold

  • WEB-AUTH Page customization

    Hi, All can anybody let me know how can I customize the WEB-AUTH login page. If I want to put some image & background how can I do that ? do we need anything special software ..how can I download & upload page from Controller...how can I edit the Page...please help me to do this....
    I appreciate your response.

    Hi,
    I would suggest that when you test the default web auth page as a user on the "guest" network (or even use the preview page, but the code may be slightly different), you should be able to view the source code from within your browser (e.g. within Firefox use Ctrl-U). You can then use this as a basis for creating your own page.
    In terms of HTML tools there are many available, but I use MS-Word 2003 and when necessary the script editor within MS-Word 2003. Once you are happy with your page save in the appropriate format. You can create a page as you want to see it and then convert it to HTML, and then remembering to embed the required "username" and "password" fields and the submit button.
    HTH

  • Web auth not working on new controllers

    We are currently experiencing a problem with web auth on one of our sites. This uses WiSM2 controllers running version 7.2.110.0 of the software.
    The affected SSID is set up for web auth exactly the same way as our other site and that works (although that uses WiSMs running 7.0.230.0).
    Both sites use the same web auth bundle and the same certificate. We have a DNS entry that points back to the virtual interface IP they all use which is 1.1.1.1.
    When users connect to the SSID they are not being presented with the login page. Running a preview on the controller at the problem sites shows the correct page that should be being displayed.
    The controllers have had the certificate re-applied, the web auth bundle reloaded on and have been upgraded from 7.2.103.0 to 7.2.110.0 but none of these have resolved the issue. All other SSIDs work fine, but this is the only one that uses web auth.
    As I say, the only configuration difference is the hardware (WiSM2 vs WiSM) and the software level.
    Any suggestions?

    When you mention that the login page does not open, that usually means that is a DNS issue. Make sure that you allow DNS from the guest subnet to the DNS server in which the FQDN of the certificate is being resolved.
    Are you anchoring the guest ssid to an anchor controller? It would be the same troubleshooting, but make sure the anchor is configured correctly. The foreign wlc guest ssid needs to have a mobility anchor to the anchor wlc and the FW needs to allow DNS back in if you're using an internal DNS server.
    If you are not using an anchor wlc, the best way to test is to map the guest to another dynamic interface on the inside network that is working. If that works, your FW is blocking DNS on the guest subnet. You also can remove the FQDN (make sure it was entered correctly) from the VIP and test. If that fixes it, then DNS was not resolving the certificate FQDN.
    Hope this helps

  • Remove Web-Passthrough certificate error bypass

    I'm almost positive I read somewhere on the board that there was a way to prevent the certificate error from appearing on a Web-Passthrough portal page WITHOUT installing a certificate.  Will someone please post a link?

    you can disable secure webauth
    (Cisco Controller) >config network web-auth secureweb enable/disable
    Enable   -     Enables https for web-auth redirection.
    Disable  -     Enables http for web-auth redirection.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • Cells merge issue when extracting webi report in excel format

    Hi Experts,
    We have some WEBI reports in BO XI 3.1.
    The reports have header where we are showing report name and some values which user selects in prompt.
    Now the issue is that when we save our webi report in excel format, many cells get merge.
    I have read many posts on scn which suggest some solutions like changing the autofit width option to no and aligning the header width with columns.
    Tried both the options but no success.
    Is there any other way to achieve this?
    Thanks in advance,
    Regards,
    Rishabh

    Hi,
    We managed to find the workaround for this merge cell issue.
    Sharing it might be helpful for someone.
    - Align the report name and other block in report in such a way that the ends are in line with the end point of any column. The only limitation is that when applying pivot to the excel output we need to click on any of the columns so that excel identifies the data set.
    - Second workaround is to break the webi document in two parts: report1 will contain the report name and the block to show the prompt values selected by the user, whereas report2 will contain the table with actual data. The only limitation with this workaround is that when exporting the report output to excel we will get two tabs in the excel sheet, one containing the prompt values and second tab containing the actual data.
    Regards,
    RS
