09-12-2016 03:19 PM
With the recently emailed advisory regarding securelogin.arubanetworks.com, if the IAP Guest WLAN is only configured for INTERNAL – ACKNOWLEDGED, do I need to be concerned about this/will the revoked certificate cause an issue for guests using this configuration?
Solved! Go to Solution.
09-12-2016 04:10 PM
Yes. If the guest browser is configured to detect a revoked certificate, it might not let the user connect.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
09-13-2016 10:01 AM
Thanks for the prompt reply Colin. If this is indeed the case, what’s the best way to resolve this as I see no reason to have an SSL certificate if I’m not securing anything.
09-13-2016 10:30 AM
If you haved a captive portal, then you are securing the connection between the client web browser are the portal. This needs to be encrypted, you can use a self-signed certificate but this may still cause tehe browser to throw up an error as it would be untrusted by the browser.
09-14-2016 02:03 PM
I see—shame considering SSL is really not required here. Does my certificate need to be for securelogin.example.com or will any host work? If the former, is there a way to change this? There is little documentation here, at least as it specifically relates to IAP, and this covers http://community.arubanetworks.com/t5/Wireless-Acc
09-14-2016 02:06 PM
09-14-2016 02:19 PM
Thanks for the prompt reply Tim. While this covers why a certificate is needed, it doesn’t mention Subject Names or if a reboot is required for the change to be effective. I imagine Aruba has a major head ache on their hands for anyone that uses the built-in captive portal for Guest WLANs.
09-14-2016 02:21 PM
A reboot is not required.
10-03-2016 01:55 AM
I assume that an A recond in DNS should be created for "network-login.domain.xyz", am I right? To which ip address it should be pointing?
Is it possible to use wildcard cert?
10-03-2016 01:56 AM