12-18-2016 06:35 PM
I'm currently in the process of testing Aruba Central (MSP mode) with the "hosted" Guest Portal feature.
I'm using IAP-315s updated to the recommended firmware.
It all seems straight forward and works well, except for the Certificate Error message that comes up due to the included Aruba Certificate not being trusted.
For a good guest experience, I would like to obviously ensure that there is no certificate error message.
The Aruba Central documentation is pretty light in this area (I'm guessing because it’s a fairly new feature) so I would appreciate if someone could confirm if the following process is correct.
- Using OpenSSL, Create an CSR and submit to your Public Root Certificate Authority
- Based off the instructions here: https://community.arubanetworks.com/t5/Controller-
- Apparently we can use any domain name can be used for the captive portal cert, however being used publicly and signed by a Root CA, you need to have authority over that domain name.
- It doesn't actually have to resolve to anything, however I found these notes in the Aruba Central guide "until customers are allowed to configure CName as part of the configuration. The customer must open a TAC ticket to activate the new certificate for Cloud Guest Service."
- Get the signed certificate back from the CA, and add the certificate to the Aruba Central Portal: Customer -> Network Management -> Configuration -> [Group Name] -> Wireless -> Security
- Add the Public Root CA certificate as a CA Certificate
- And the newly signed certificate from the original CSR as a Server Certificate
- Open an Aruba TAC ticket to activate the new certificate for Cloud Guest Service
Is this process correct? What is the typical turn-around to get the CName added to the configuration?
I´m in the same situation, doing a POC with a customer and they want to try the cloud guest portal and I need to add our own certificate.
Like you said the documantation is pretty light on this subject