An engineer has configured central web authentication on the wireless network, but clients are receiving untrusted certificate errors on their internet browsers when directed to the guest splash page.
Which file must be provided to an approved trusted certificate authority to fix this issue?
A. CSR generated by the WLC.
B. EAP-TLS certificate generated by the access point
C. CSR generated by Identity Service Engine
D. EAP-TLS certificate generated by WLC
The correct answer is C.
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/115951-web-auth-wlc-guide-00.html#anc16
Central Web Authentication
Central Web Authentication refers to a scenario where the WLC no longer hosts any services. The difference resides in the fact that the client is directly sent to the ISE web portal and does not go through 192.0.2.1 on the WLC. The login page and the entire portal are externalized.
Answer should be C
because it is central web authentication
The correct answer is Certificate by the WLC, according to Cisco documentation:
“In order to be rid of the warning “this certificate is not trusted”, you must also enter the certificate of the CA that issued the controller certificate on the controller.”
ISE would only come into play if using local web authentication.