Firefox and WLC Certificate Issues
Have you tried to log into a Cisco WLC with Firefox and gotten an annoying certificate conflict message? No worries, you can fix it!
Firefox stores the certificates it has accepted and compares incoming certificates against them. If an incoming certificate matches a stored one but comes from a different source, Firefox throws the annoying certificate conflict message.
The HTTPS certificate on the WLC lives at MANAGEMENT-->HTTP-->CURRENT CERTIFICATE
Here is where the problem arises: controllers shipped in batches appear to have identical certificates. This could be because they “blast” the firmware on the boxes in the manufacturing process.
An example of a factory-provided certificate is below. First, notice that there is no CN information and the validity date is way off. This same certificate was on all the controllers in the batch.
For the first controller you log into, Firefox would accept and store this certificate. However, any controller you attempted to log into afterward would produce a certificate conflict.
So, how do we fix this issue? It's very simple …
After you configure your WLC with an IP address, simply go to MANAGEMENT-->HTTP and click on regenerate certificate. It will fill in a proper validity date and more specific CN information, giving the certificate its true identity. However, this does require a controller reboot, so schedule accordingly. Below is a regenerated certificate.
That's it! It should work now! Enjoy ...
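To see which controllers in a batch still present the same factory certificate, and so still need the regenerate step, you can fingerprint what each one serves on HTTPS and group the matches. This is an added example, not part of the original post or any Cisco tooling; the 192.0.2.x addresses and the certificate bytes in SAMPLE are constructed placeholders.

```python
import hashlib
import socket
import ssl
import sys
from collections import defaultdict


def fetch_der(host, port=443, timeout=5.0):
    """Return the DER certificate a controller presents on its HTTPS port."""
    # Verification is off on purpose: factory WLC certificates are
    # self-signed and we only want the bytes in order to fingerprint them.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 over the whole DER encoding, as a hex string."""
    return hashlib.sha256(der).hexdigest()


def shared_certificates(certs_by_host):
    """Map fingerprint -> sorted hosts, only for certs seen on 2+ hosts."""
    groups = defaultdict(list)
    for host, der in certs_by_host.items():
        groups[fingerprint(der)].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}


# Constructed sample: placeholder bytes stand in for DER certificates.
# Two controllers still carry the batch certificate, one was regenerated.
SAMPLE = {
    "192.0.2.11": b"constructed-factory-cert",
    "192.0.2.12": b"constructed-factory-cert",
    "192.0.2.13": b"constructed-regenerated-cert-for-192.0.2.13",
}

if __name__ == "__main__":
    # Pass management IPs as arguments to audit real controllers;
    # with no arguments the constructed sample is used instead.
    hosts = sys.argv[1:]
    certs = {h: fetch_der(h) for h in hosts} if hosts else SAMPLE
    for fp, members in shared_certificates(certs).items():
        print(f"{fp[:16]}...  shared by: {', '.join(members)}")
```

Any controller listed in the output shares its certificate with at least one other and is a candidate for regeneration.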
Reader Comments (1)
Certs are painful generally, in wireless they get very painful, looks like you found something else new.
It would be a huge advantage if there were easier ways, as I did a recent deployment and ended up with numerous certs from Verisign, but even downloading them was not easy, as you are better doing it on an XP machine with IE7, as Verisign do not like Server 2008 or IE8 or even Windows 7. That made for an interesting day.