11-15-2016 01:48 PM - edited 11-15-2016 01:49 PM
1. User connects to GUEST SSID
2. User tries to load a webpage, and gets redirected to captive portal (we have a wildcard cert installed in clearpass so this connection is https and secure/trusted)
3. User accepts terms and clicks "login"
4. Redirect to "securelogin.domain.com" shows page cannot be displayed / DNS error.
5. We are using IAP205s in our network. No controllers.. just virtual ones.
6. Airwave version 220.127.116.11
During my research, I have done the following:
1. Installed wildcard cert within Airwave (PEM) to be pushed to IAP VC
(the CN of this cert is "*.domain.com")
2. Verified the VC has the correct wildcard cert with the AP commands
3. Changed the "address" field in clearpass guest to "securelogin.domain.com" (from the old securelogin.arubanetworks.com)
4. If I installed a private cert with a CN of "securelogin.domain.com" the redirect works but we get the error / untrusted message and need to trust the cert (which is expected)
5. I have updated the IAPs to the latest "Early" release ArubaInstant_Taurus_18.104.22.168-22.214.171.124_57133 which supposedly allowed wildcard certs.
My only other thought is to purchase a public cert (not a wild card) and test.
I have been on the phone with Aruba and we can't figure it out.
Any help would be much appreciated.
11-15-2016 02:11 PM - edited 11-15-2016 02:12 PM
Did you set the NAS address in the ClearPass captive portal config to captiveportal-login.yourdomain.com?
11-15-2016 02:59 PM
I've tried adding the "captiveportal-login.domain.com" but receive a new error:
"Your connection is not private.... NET::ERR_CERT_AUTHORITY_INVALID"
I can proceed and get connected, but we would like to not have any messages when connecting to Guest.
11-15-2016 03:06 PM
11-16-2016 05:53 AM
Yup it is... GoDaddy. Could it be that the cert I uploaded is in the wrong format? I don't think mine has the intermediate root CA file.
I don't think mine is like this.
11-16-2016 05:58 AM
11-16-2016 08:38 AM
I combined my public wildcard cert with the root and intermediate certs into one file (pretty much just copy and paste them into one) with the private key. Uploaded that cert to Airwave and pushed it to the virtual controller. This resolved the issue.
Thanks for your assistance on this issue.