
How to handle an invalid certificate error for the CMX redirection URL?

During WLC redirection, you will be sent to the virtual GW address, which will use HTTPS if the secure web option is enabled.

This means that the WLC will act as an HTTPS server, so if you want a smooth end-client experience you “must” install a trusted certificate on the controller.

So, three options:

  1. Disable HTTPS. Any credentials entered while accessing the virtual GW address will then be sent in the clear, so this is normally not recommended unless it is a low-security scenario, like a webauth passthrough (no passwords).
  2. Install a certificate trusted by end devices (Entrust, Verisign, etc.). This normally costs money, and the prerequisite is to create a DNS name entry (e.g. controller.customerdomain.com) mapped through their internal DNS servers to 1.1.1.1, as certificate authorities will never create certs for internal IP addresses.

     This is the common procedure for any customer using webauth of any type at a public venue.

  3. Use an SSC (self-signed certificate) or a private PKI, and make the end devices trust it. This is only possible in lab scenarios, or for enterprises where all the devices are under full control of network operations, so you can push certificate trusts, the PKI CA, etc.

If you don’t install or use a trusted cert, you will ALWAYS have problems. Some clients (Apple iOS) react badly to POST requests sent to forms behind an untrusted SSL cert, so this is really something you want properly configured.
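A pre-deployment check for option 2, as an added example that is not part of the original article: it takes the redirect host name, the addresses the clients' DNS returns for it, and the certificate fields in the dict form that Python's `ssl.SSLSocket.getpeercert()` returns, and lists what would still cause a client warning. The function names and the sample certificate are constructed for illustration; the host name and 1.1.1.1 are the ones used above.

```python
import ipaddress
import ssl
from datetime import datetime, timezone

VIRTUAL_IP = "1.1.1.1"  # virtual GW address used in the article


def _name_matches(pattern, host):
    """Match a certificate DNS name, allowing one left-most wildcard label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]


def webauth_cert_problems(redirect_host, resolved_ips, cert, now=None):
    """Return reasons a client would warn on the redirect (empty list = OK).

    cert: dict as returned by ssl.SSLSocket.getpeercert().
    resolved_ips: what the clients' DNS servers return for redirect_host.
    """
    problems = []
    now = now or datetime.now(timezone.utc)
    try:
        ipaddress.ip_address(redirect_host)
        problems.append("redirect host is an IP address, not a DNS name")
    except ValueError:
        pass  # not an IP literal, which is what we want
    if VIRTUAL_IP not in resolved_ips:
        problems.append(f"{redirect_host} does not resolve to {VIRTUAL_IP}")
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_name_matches(n, redirect_host) for n in dns_names):
        problems.append("no subjectAltName DNS entry matches the redirect host")
    expiry = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expiry <= now:
        problems.append("certificate has expired")
    return problems


# Constructed sample data, not taken from a real controller.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "controller.customerdomain.com"),),
    "notAfter": "Jan  1 00:00:00 2035 GMT",
}
```

This only covers name, DNS mapping and expiry; whether the issuing CA is in the clients' trust store still has to be confirmed on the end devices themselves.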
