中文讨论区

Reply
Moderator

浏览器提示securelogin.arubanetworks.com证书被吊销的解决方案

Temporary solution for browser prompted certificate for securelogin.arubanetworks.com has been revoked.

临时解决方案如下:

IE关闭证书revoke检测(需要重启IE):

Figure 1: Disabling the IE Feature That Checks for Server Certificate Revocation

 

旧版Chrome:

chrome://settings/, 选择高级配置,然后在https/ssl中勾掉检查revoke选项

Enable certificate revocation checking

 

如果仍然出现了证书revoked提示,

运行cmd

在窗口里输入 C:\>certutil -urlcache crl delete

清除当前证书缓存。

 

 

Aruba在后续版本对此问题进行了修复,采用CN名字仍然为securelogin.arubanetworks.com的自签名证书代替了原来的Public CA签发的证书。

受影响的产品为ArubaOS的controller,IAP以及MAS。

 

由于使用自签名证书在某些应用场景下可能会有限制,强烈推荐客户使用Public CA签发的证书来代替此自签名证书。(或者利用客户已部署好的完善的私有证书环境)。

 

此次公有证书的吊销的操作是由Public CA geotrust方操作的,从Aruba的角度无法控制。之前使用公有证书的原因为在测试Aruba产品的过程中不需要额外的申请证书的工作以及Aruba想尽量为客户提供便利,但一直强烈建议使用客户正式签发的证书来代替此证书。

在之前的User Guide中说明如下:

======================================

There is a default server certificate installed in the controller to demonstrate the authentication of the
controller for captive portal and WebUI management access. However, this certificate does not guarantee
security in production networks. Aruba strongly recommends that you replace the default certificate with a
custom certificate issued for your site or domain by a trusted Certificate Authority (CA). This section describes
how to generate a Certificate Signing Request (CSR) to submit to a CA and how to import the signed certificate
received from the CA into the controller.

=====================================

 

使用自签名证书影响如下:

  CAPTIVE PORTAL MANAGEMENT EAP-TERMINATION
Self-signed YES1
(but not recommended,
see below)
YES YES2

1 – While a self-signed or private certificate can be used for captive portal, it is not recommended as guests will not have the certificate and/or root CA installed and will receive a certificate error.

2 – When using EAP-Termination with a self-signed certificate, the cert will need to be installed on each client device in order to secure the connection.

 

更多详情请见:

https://community.arubanetworks.com/t5/Controller-Based-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Controllers/ta-p/275809

Moderator

Re: 浏览器提示securelogin.arubanetworks.com证书被吊销的临时解决方案

Occasional Contributor I

Re: 浏览器提示securelogin.arubanetworks.com证书被吊销的临时解决方案

對於沒有Domain root CA的客戶來說,我一直在用CPPM簽憑證上傳controller使用

 

現在有這訊息太棒了

New Contributor

Re: 浏览器提示securelogin.arubanetworks.com证书被吊销的解决方案

很有用,非常感谢。

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: