Enabling HTTPS for Secure Browsing
You can protect communication with the access point web-browser interface by enabling HTTPS. HTTPS protects HTTP browser sessions by using the Secure Sockets Layer (SSL) protocol.
Note When you enable HTTPS, your browser might lose its connection to the access point. If you lose the connection, change the URL in your browser’s address line from http://ip_address to https://ip_address and log into the access point again.
Note When you enable HTTPS, most browsers prompt you for approval each time you browse to a device that does not have a fully qualified domain name (FQDN). To avoid the approval prompts, complete Step 2 through Step 9 in these instructions to create an FQDN for the access point. However, if you do not want to create an FQDN, skip to Step 10.
Follow these steps to create an FQDN and enable HTTPS:
Step 1 If your browser uses popup-blocking software, disable the popup-blocking feature.
Step 2 Browse to the Express Setup page. Figure 2-2 shows the Express Setup page.
Figure 2-2 Express Setup Page
Step 3 Enter a name for the access point in the System Name field and click Apply.
Step 4 Browse to the Services – DNS page. Figure 2-3 shows the Services – DNS page.
Figure 2-3 Services – DNS Page
Step 5 Select Enable for Domain Name System.
Step 6 In the Domain Name field, enter your company’s domain name. At Cisco Systems, for example, the domain name is cisco.com.
Step 7 Enter at least one IP address for your DNS server in the Name Server IP Addresses entry fields.
Step 8 Click Apply. The access point’s FQDN is a combination of the system name and the domain name. For example, if your system name is ap1100 and your domain name is company.com, the FQDN is ap1100.company.com.
Step 9 Enter the FQDN on your DNS server.
Tip If you do not have a DNS server, you can register the access point’s FQDN with a dynamic DNS service. Search the Internet for dynamic DNS to find a fee-based DNS service.
Step 10 Browse to the Services: HTTP Web Server page. Figure 2-4 shows the HTTP Web Server page:
Figure 2-4 Services: HTTP Web Server Page
Step 11 Select the Enable Secure (HTTPS) Browsing check box and click Apply.
Step 12 Enter a domain name and click Apply.
Note Although you can enable both standard HTTP and HTTPS, Cisco recommends that you enable one or the other.
A warning window appears stating that you will use HTTPS to browse to the access point. The window also instructs you to change the URL that you use to browse to the access point from http to https. Figure 2-5 shows the warning window:
Figure 2-5 HTTPS Warning Window
Step 13 Click OK. The address in your browser’s address line changes from http://ip-address to https://ip-address.
Step 14 Another warning window appears stating that the access point’s security certificate is valid but is not from a known source. However, you can accept the certificate with confidence because the site in question is your own access point. Figure 2-6 shows the certificate warning window:
Figure 2-6 Certificate Warning Window
Step 15 Click View Certificate to accept the certificate before proceeding. (To proceed without accepting the certificate, click Yes, and skip to Step 24 in these instructions.) Figure 2-7 shows the Certificate window.
Figure 2-7 Certificate Window
Step 16 On the Certificate window, click Install Certificate. The Microsoft Windows Certificate Import Wizard appears. Figure 2-8 shows the Certificate Import Wizard window.
Figure 2-8 Certificate Import Wizard Window
Step 17 Click Next. The next window asks where you want to store the certificate. Cisco recommends that you use the default storage area on your system. Figure 2-9 shows the window that asks about the certificate storage area.
Figure 2-9 Certificate Storage Area Window
Step 18 Click Next to accept the default storage area. A window appears that states that you successfully imported the certificate. Figure 2-10 shows the completion window.
Figure 2-10 Certificate Completion Window
Step 19 Click Finish. Windows displays a final security warning. Figure 2-11 shows the security warning.
Figure 2-11 Certificate Security Warning
Step 20 Click Yes. Windows displays another window stating that the installation is successful. Figure 2-12 shows the completion window.
Figure 2-12 Import Successful Window
Step 21 Click OK.
Step 22 On the Certificate window shown in Figure 2-7, which is still displayed, click OK.
Step 23 On the Security Alert window shown in Figure 2-6, click Yes.
Step 24 The access point login window appears and you must log into the access point again. The default user name is Cisco (case-sensitive) and the default password is Cisco (case-sensitive).
CLI Configuration Example
This example shows the CLI commands that are equivalent to the steps listed in the “Enabling HTTPS for Secure Browsing” section:
AP(config)# hostname ap1100
AP(config)# ip domain name company.com
AP(config)# ip name-server 10.91.107.18
AP(config)# ip http secure-server
In this example, the access point system name is ap1100, the domain name is company.com, and the IP address of the DNS server is 10.91.107.18.
For complete descriptions of the commands used in this example, consult the Cisco IOS Commands Master List, Release 12.3. Click this link to browse to the master list of commands:
Deleting an HTTPS Certificate
The access point generates a certificate automatically when you enable HTTPS. However, if you need to change the access point’s fully qualified domain name (FQDN) or you need to add an FQDN after enabling HTTPS, you might need to delete the certificate. Follow these steps:
Step 1 Browse to the Services: HTTP Web Server page.
Step 2 Uncheck the Enable Secure (HTTPS) Browsing check box to disable HTTPS.
Step 3 Click Delete Certificate to delete the certificate.
Step 4 Re-enable HTTPS. The access point generates a new certificate using the new FQDN.
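The certificate accepted in Step 14 of the HTTPS procedure is self-signed, and deleting and regenerating it as described above produces a different certificate. The following Python is an added example, not Cisco code: it compares the SHA-256 fingerprint of the certificate the access point presents with a reference value, so a regenerated or unexpected certificate is noticed before it is installed. The function names, the existence of a reference fingerprint recorded over a trusted path, and the two sample certificates (constructed byte strings, not real certificates) are assumptions.

```python
import hashlib
import hmac
import ssl

def fingerprint_sha256(pem_cert: str) -> str:
    """SHA-256 over the DER encoding, as colon-separated uppercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def _normalize(fp: str) -> str:
    # Accept "AA:BB", "aa bb" or "aabb" spellings of the same fingerprint.
    return fp.replace(":", "").replace(" ", "").strip().lower()

def matches_pin(pem_cert: str, pinned_fp: str) -> bool:
    """True only if the presented certificate hashes to the recorded value."""
    presented = _normalize(fingerprint_sha256(pem_cert))
    return hmac.compare_digest(presented, _normalize(pinned_fp))

def fetch_ap_cert(host: str, port: int = 443) -> str:
    # The chain is not validated here: the certificate is self-signed, so the
    # fingerprint comparison is what establishes trust.
    return ssl.get_server_certificate((host, port))

def check_ap(host: str, pinned_fp: str, fetch=fetch_ap_cert) -> str:
    """Fetch the certificate from host and report match or mismatch."""
    pem = fetch(host)
    if matches_pin(pem, pinned_fp):
        return "match"
    return "MISMATCH presented=" + fingerprint_sha256(pem)

# Constructed stand-ins for the certificate before and after regeneration.
# They are arbitrary bytes in PEM framing, not real X.509 certificates.
SAMPLE_CERT_BEFORE = ssl.DER_cert_to_PEM_cert(b"constructed cert ap1100.company.com #1")
SAMPLE_CERT_AFTER = ssl.DER_cert_to_PEM_cert(b"constructed cert ap1100.company.com #2")

if __name__ == "__main__":
    pin = fingerprint_sha256(SAMPLE_CERT_BEFORE)  # hypothetical recorded value
    offline = {"before": SAMPLE_CERT_BEFORE, "after": SAMPLE_CERT_AFTER}
    for label, pem in offline.items():
        # fetch is replaced with a stub so the demonstration runs offline.
        print(label, check_ap("ap1100.company.com", pin, fetch=lambda h, p=pem: p))
```

After the access point generates a new certificate, the stored reference fingerprint has to be recorded again, because the old value reports a mismatch.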