WLC 2106 CSR Request For Web Authentication
Greetings, I've been following the guide below in order to replace the web auth certificate for guest users on our WLC2106.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
Does anyone know of a method of using Windows 2003 CA Services to sign the CSR? I have tried but I can't get a PEM out of it, just X509 and P7B certs. I do realise that guest users not native to our network will still be presented with an invalid certificate option, but I would like to try the configuration before paying to have the certificate properly signed.
Regards
This document assumes that the CA server configuration on the Microsoft Windows 2003 server is in place. This document covers the configuration required on the Wireless LAN controller in order to enable this feature.
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a99e23.shtml#Cert-WLC
Similar Messages
-
Guest Parameter for Web Authentication
Hi Forum,
Just to find out a little more detail in regards to the guest account created for web authentication using Ambassador account.
1) If the authenticated guest did not perform a proper logout, what action will the WLC take?
2) As such, is there any timeout involved?
Where can I tune the timeout?
Rdgs,
Kelvin
Hi, I just wanted to add what I have found regarding WCS and the guest feature.
-There are two ways to configure a "local net user". The first is a static guest ID that has the "guest" flag off. This means that the client's session will not timeout. The second is to specify the "guest" user checkbox and give it a timeout value in seconds.
This should let you control how long a user is logged in.
From the WLC login, go to SECURITY --> LOCAL NET USERS --> then click on NEW. From there you can specify a user ID and also set that optional guest user box. If you click on the Guest User box then you will see a timeout field.
With my guest account set to not be a guest user (no timeout value), I have noticed the following.
1. If a guest gets disconnected, usually they will reassociate and still be able to log in.
2. If a guest has problems, I usually tell them to disable their wireless card, close all browser windows, and then reassociate to the network.
The steps above have worked well for my setup... -
MAC Exception for Web Authentication
Hello folks. I currently have a guest network setup using guest tunneling and an anchor controller. I have it configured for web authentication. So basically, a client associates to the SSID, obtains a DHCP IP from the guest anchor controller, and then when the browser is launched the client is redirected to 1.1.1.1 and receives the splash page where they are required to click "OK" to proceed and begin surfing the internet.
I am being told from a vendor that it's possible to use a mac-address exception method so specific clients (based on mac address) will not have to web authenticate. So basically they bypass the splash screen and can immediately begin surfing the internet.
From what I can tell it's all or nothing per SSID.
Has anyone ever heard of this, and if so do you know how it is accomplished?
Thanks
Chuck
I've seen people ask for something like this for like an XBOX in a dorm (apparently XBOX doesn't have a browser?).....
Bottom line though is that on the WLC, all wireless clients on a WebAuth/WebPassthrough SSID must pass layer3 authentication. There is no way around this on this SSID. You'd have to create a different SSID as Scott suggested, which I'd probably suggest doing some kind of PSK on it, so only a few privileged devices can associate.... you could even throw in mac-filtering if you really wanted to complicate it....
Now, I understand that switches may have such a feature called mac-bypass, but it isn't on the WLC. -
How sharepoint understand when user requests for web applications by their DNS names
Hi
I configured alternate access mapping in my SharePoint farm for the default and intranet zones.
The farm has two web front end servers and they are load balanced by an F5 device.
On the WFE servers, different web applications are running on different ports,
so here I want to know how load balancing works; load balancing is configured in the F5 device.
When users request a web application from the browser (e.g. http://cms), where will this request go?
1) When I ping cms and other web applications, it returns the load balancer IP for all web applications;
ping cms: it returns 10.xxx.0.80, and the same IP is returned when I ping the other web apps,
but e.g. the CMS web application runs on 10.xxx.1.26:81 on the SharePoint server.
2) These SharePoint web applications are running on different ports on the SharePoint web servers, so how does SharePoint understand when a user requests web applications by their DNS names,
http://cms and http://products etc.?
adil
I'm not sure if the F5 can add a port number (I'm not an expert on load balancers). But in general if you design the SharePoint site to run on port 81 then you need to have port 81 appended to the request or it won't work. http://cms in your example would take you to http://cms:80 not http://cms:81. But in general DNS will resolve the address back to the F5 load balancer. The load balancer will look at the header of the HTTP request (which contains the original address you requested) and forward the request to the appropriate web front end IP address. If your web front end is using one IP address for multiple sites then those sites need to be differentiated by using a custom port like 81 (which must be included in the original request) or because a host header was bound to the web application when it was created. If they are running on different port numbers then the request must include the port number by the time it gets to the SharePoint server.
Paul Stork SharePoint Server MVP
Principal Architect: Blue Chip Consulting Group
Blog: http://dontpapanic.com/blog
Twitter: Follow @pstork
Please remember to mark your question as "answered" if this solves your problem. -
Port 80 for Web authentication?
Hi,
Is it possible to use port 80 for web authentication instead of port 443?
Sure... on the later code versions you can set the WebAuth to use either http or https by disabling WebAuth SecureWeb (http) or enabling it for https.
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered" -
WLC5760 - CSR request for 3rd party certificate
I need to generate a CSR request to obtain a 3rd party certificate for my WLC.
I am not sure how I can do that. All documents available are for WLC 4400.
Let me know if the same process will apply to WLC5760 as well.
Thanks Matteo,
I managed to get it done. Yes, I used OpenSSL to generate the CSR.
Here is what I have learnt about it, including WebAuth cert installation on 5760. This may be useful to someone else.
http://mrncciew.com/2014/07/30/5760-webauth-certificates/
HTH
Rasika
**** Pls rate all useful responses **** -
Possible to use http for web authentication?
Hi All,
We are using WLC 2500 and AP 1041 with web authentication. Because we do not have a trusted/public certificate and want to get rid of the certificate warning during the user login, I would like to ask if it is possible to change the web authentication method from HTTPS to HTTP. Thanks.
Rgds,
Jacky
Hi Jacky,
Yes u can... But there is a catch..
1) If ur running WLC code below 7.2.X then the only option is to disable HTTPS globally (meaning HTTPS management access disabled, only HTTP).
2) If you are running 7.2.X and above, then you can use HTTP for client webauth and then HTTPS for management access.
The command for disabling https for web authentication would be:
config network web-auth secureweb disable
Hope that helps
Regards
Najaf
Please rate when applicable or helpful !!! -
Customized web page for web authentication.
Hi,
Can anyone share a working "customized webpage for web authentication"? Virtual IP address of the WLC is 5.5.5.5.
Thanks.
Hi Nagesh,
Here's a great download which contains sample templates of each possible type of Web Policy on the WLC:
http://www.cisco.com/cisco/software/cart.html?imageGuId=7A2F6E79BAE4EFF389E1FA95D96936027AD30AE8
Best,
Drew -
JDev sends many net requests for web-jsptaglibrary_1_1.dtd
When using jDeveloper 9.0.3, I have observed:
On startup, jDev sends several (50?) requests to java.sun.com for web-jsptaglibrary_1_1.dtd.
The 'current' project in jDev is a web project containing Struts 1.0.2, and the Struts TLD files are included as files in the project. (These are the only files where I can find a reference to the mentioned .dtd.)
I can understand that jDev does a http get for this file, since the TLD file reference it as remote, but so many requests? (startup of jDev takes 2-3 minutes...)
If I remove that project from my workspace, and add it again, this behaviour is not seen before I start to edit a file in the project (makes it current project). Then startup of jDev changes from 15 seconds to 3 minutes.
Many requests for the DTD is also sent:
- if I close a TLD file with that .dtd reference in the editor pane,
- if I remove the project from the workspace.
Has anyone else seen this behaviour? Any workarounds?
thanks,
Trond
Alan,
As far as I can see all the classes and jars are in the right place and the .tlds and .xml files all seem to tally.
Check if commons-logging.jar is in your project WEB-INF/lib. If not, copy it from <jdev_home>/jakarta-struts/lib.
Charles. -
WLC Virtual Interface config for a public SSL cert for Web Authentication
I'm trying to get a cert loaded on my 5508 WLC running 7.6.130.0 so when a Web-Auth user tries to authenticate they don't get the SSL cert error.
In the document "Generate CSR for Third-Party Certificates and Download Chained Certificates to the WLC", Document ID: 109597, it states the following:
"Note: It is important that you provide the correct Common Name. Ensure that the host name that is used to create the certificate (Common Name) matches the Domain Name System (DNS) host name entry for the virtual interface IP on the WLC and that the name exists in the DNS as well. Also, after you make the change to the VIP interface, you must reboot the system in order for this change to take effect."
Here are my questions.
1. I have always had 1.1.1.1 as the address of the Virtual interface, should that change or can I leave it as 1.1.1.1?
2. In the "DNS Host Name" field do I simply put the domain or the FQDN? Example: Company.com or hostname.company.com
Hi,
1) You can change that if you want. Normally it is non-Public and non-routable in your network.
2) Put the Host name for which you are going to give in your company DNS server where that Host name would be mapped to the Virtual ip address.
Regards
Dhiresh
** Please rate helpful posts** -
mx:request for Web Services
Hi, I am trying to invoke a web service which has nested objects in the soap body. Could I specify objects in <mx:request>? For example:
<mx:request>
<DeptId> 13</DeptId>
<Employee>
<Name> John Doe</Name>
</Employee>
</mx:request>
In general, what is a better way to create a custom soap body (e.g. with name space, etc.)?
Thanks,
EH
I suggest building the request object in AS:
var oRequest:Object = new Object();
oRequest.stringProperty = "mystring";
// nested object written as an object literal; add further properties as needed
oRequest.objectProperty = {prop1: "popvalue1", prop2: 2, prop3: somevariable};
myHttpServiceId.send(oRequest);
Tracy -
Installation is requesting for Proxy Authentication. Why?
We have been trying to install Adobe CC for our teaching pools but every time it is requesting to enter proxy authentication. We are installing it over a wireless network that is free of proxy issues. Why is this happening? I tried looking for some numbers to call for support but there are none. Please help. We cannot proceed with our classes with this problem.
Creative Cloud chat support (all Creative Cloud customer service issues)
http://helpx.adobe.com/x-productkb/global/service-ccm.html -
WAD: Design request for web template with re-occuring table object
Hi all,
I'm trying to create a web template design in WAD (WAS 6.20) using javascript that would loop and re-use the same table web item object displaying different sales employee data. The challenges I'm facing are that the number of employees to report on might be different for the reporting period and the report should have a sales employee specific header preceding each table. Also, the customer is looking at receiving a canned (precalculated) report generated weekly.
I'm thinking that I could try looping through the 0salesemply characteristic values as displayed from a dropdown box object and pass the individual value as the table object's filter value and hopefully re-generate and render the same table with different filter values until the end of sales employee list of names is reached. Within that same loop, a second table pointing to a different data provider can also display selective data specific to that sales employee.
My question is would such a design render the same table item multiple times based on the number of 0salesemply values and on a single web page. Would such a design work or would I need to look at designing a BSP application querying the ODS table directly.
If anyone has any comments on how else I can achieve this or can provide examples of similar design it would be very much appreciated.
Thank you all.
Frank
Message was edited by:
Frank Goneau
-
Is there a way to store credentials for Web authentication?
I use an IPAD in my corporate network and have this nagging problem of "dropped wifi" after some idle minutes. True, this forced drop out could be due to my corporate router security settings (although they swear it is not there) but here is what frustrates me:
1. That a Samsung tab works on the same floor in the office (on same wifi network) without dropping frequently.
2. That if the Samsung tab's connection does drop once in a while, it can reconnect quickly. This is because it stores the web site id, user id and password.
My question is why can't an IPAD store the router website url and user id and password that is needed to re login?
If anybody else encounters this issue at an airport or in a hotel room, please let us work for the solution together.
Regards
Sanjay
I would check the web skype historic somewhere in the c: the machine eg in the folder " % temp % " for the company to use the skype app just that some older machines are complaining of memory because it is very heavy for them ... one of the fulga options that I found was the web skype but the only problem I found was that there's no way we monitor the message traffic as we made already ...
-
Hello,
I tried to install new SHA2 3rd-party certificates on our WLCs. There are old WiSM1 boards and 2504s to support our old 1230 Access Points, running 7.0.251.2, which didn't install them, although the config manuals for 7.6 and 8.0 say that SHA2 certificates are supported since 7.0.250.0. When I tried to install the SHA2 certificates I got the message "File transfer failed" and the log says:
*TransferTask: Dec 12 13:22:14.394: #UPDATE-3-CERT_INST_FAIL: updcode.c:1869 Failed to install Webauth certificate. rc = 1
*TransferTask: Dec 12 13:22:14.394: #SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4085 Cannot PEM decode private key
I tried to install the same certificates on our WiSM2-Boards, running 7.4.121.0 and I failed too. The same certificates could be installed on a 2504 running 8.0.100 without any problems.
In all 3 cases I tried to install unchained certificates for web management and Level 3 chained certificates for web authentication. I used the following guides to get the certificates (e.g. taken from the config manual 8.0.100):
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/70584-csr-wlc-00.pdf
Which software versions support SHA2 certificates and which didn't? Is there a list for it?
Regards
Hello,
I solved the problem. First I used a Debian Linux system with OpenSSL 1.0.1. After I searched the internet using one of the log messages above I found sites which mentioned to use OpenSSL 0.9.x. So I tried a productive and security-fixed Debian Linux system running OpenSSL 0.9.8 and I succeeded. The WLCs accepted the certificate files and used them after a reboot. The Web GUI still shows a SHA1 fingerprint, but the certificate signature algorithm is SHA2:
Signature Algorithm: sha256WithRSAEncryption
When you check the openssl.org homepage, OpenSSL 0.9.8 is still one of the actual versions of OpenSSL and is still available and fixed. But the OpenSSL roadmap says:
"We don't want to have to maintain too many branches. This is likely to include a timescale for the EOL of version 0.9.8"
I don't know the differences between certificates made with OpenSSL 0.9.8 and 1.0.1. Is there anybody who can explain it to me?
Regards
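Added example (not part of the posts above, and not Cisco's or OpenSSL's code): the first thread's problem (only X509 and P7B output, no PEM) and the last thread's `Cannot PEM decode private key` error both depend on what is actually inside the file being uploaded, which this checker reports. OpenSSL 1.0.0 and later write private keys from `req` and `pkcs12` in PKCS#8 form (`BEGIN PRIVATE KEY`) where 0.9.8 wrote `BEGIN RSA PRIVATE KEY`; that this is what the older controller code rejected is an assumption. The function name `inspect_bundle` and the sample bundles are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# PEM labels (RFC 7468 plus OpenSSL's traditional RSA key armor).
KINDS = {
    "CERTIFICATE": "cert",
    "PKCS7": "p7b",
    "RSA PRIVATE KEY": "key-traditional",    # written by OpenSSL 0.9.8
    "PRIVATE KEY": "key-pkcs8",              # written by OpenSSL 1.0.0+ req/pkcs12
    "ENCRYPTED PRIVATE KEY": "key-pkcs8-encrypted",
}

def inspect_bundle(data: bytes):
    """Return (blocks, warnings) for a file intended for upload as PEM."""
    if data[:1] == b"\x30" and b"-----BEGIN" not in data:
        return [], ["binary DER file, not PEM"]
    text = data.decode("ascii", errors="replace")
    blocks, warnings = [], []
    for label, body in PEM_BLOCK.findall(text):
        kind = KINDS.get(label, "unknown")
        if "Proc-Type:" in body:             # traditional key, passphrase-protected
            kind += "-encrypted"
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
                if der[:1] != b"\x30":       # all known labels wrap a DER SEQUENCE
                    warnings.append(f"{label}: payload is not a DER SEQUENCE")
            except ValueError:
                warnings.append(f"{label}: body is not valid base64")
        blocks.append((label, kind))
    kinds = [k for _, k in blocks]
    if not blocks:
        warnings.append("no PEM blocks found")
    if "p7b" in kinds:
        warnings.append("PKCS7 container: extract the certificates to PEM first")
    if "key-pkcs8" in kinds:
        warnings.append("PKCS#8 key: OpenSSL 0.9.8 would have written RSA PRIVATE KEY")
    if any(k.endswith("-encrypted") for k in kinds):
        warnings.append("private key is passphrase-protected")
    return blocks, warnings

def _armor(label: str, der: bytes) -> str:
    b64 = base64.encodebytes(der).decode().strip()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed placeholder payload: a DER SEQUENCE header plus padding,
# not a real key or certificate.
FAKE_DER = b"\x30\x3e" + bytes(62)
OLD_STYLE = (_armor("CERTIFICATE", FAKE_DER) + _armor("RSA PRIVATE KEY", FAKE_DER)).encode()
NEW_STYLE = (_armor("CERTIFICATE", FAKE_DER) + _armor("PRIVATE KEY", FAKE_DER)).encode()
P7B_ONLY = _armor("PKCS7", FAKE_DER).encode()

if __name__ == "__main__":
    for name, sample in [("0.9.8-style", OLD_STYLE), ("1.0.1-style", NEW_STYLE),
                         ("p7b", P7B_ONLY), ("der", FAKE_DER)]:
        print(name, inspect_bundle(sample))
```

With OpenSSL 1.0.x or 1.1.x, `openssl rsa -in key.pem -out key-rsa.pem` rewrites a PKCS#8 RSA key in the traditional form (OpenSSL 3.x needs `-traditional`). For a P7B from the CA, `openssl pkcs7 -print_certs -in cert.p7b -out certs.pem` extracts the certificates as PEM (add `-inform DER` for a binary file).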