Aruba Instant & Cloud Wi-Fi

New Contributor
Posts: 4
Registered: ‎09-26-2016

securelogin.domain.com redirect fails with wildcard certificate - captive portal


We have a guest SSID that requires users to accept the terms of use before accessing the internet. They receive public DNS servers 8.8.8.8 and 8.8.4.4. We are also using ClearPass for captive portal. This is my issue:

 

1. User connects to GUEST SSID

2. User tries to load a webpage, and gets re-directed to captive portal (we have a wildcard cert installed in ClearPass so this connection is https and secure/trusted)

3. User accepts terms and clicks "login"

4. Redirect to "securelogin.domain.com" shows page cannot be displayed / DNS error.

5. We are using IAP205s in our network. No controllers.. just virtual ones.

6. Airwave version 8.2.2.1

 

During my research, I have done the following:

1. Installed wildcard cert within Airwave (PEM) to be pushed to IAP VC

(the CN of this cert is "*.domain.com")

2. Verified the VC has the correct wildcard cert with the AP commands

3. Changed the "address" field in ClearPass Guest to "securelogin.domain.com" (from the old securelogin.arubanetworks.com)

4. If I installed a private cert with a CN of "securelogin.domain.com" the redirect works but we get the error / untrusted message and need to trust the cert (which is expected)

5. I have updated the IAPs to the latest "Early" release ArubaInstant_Taurus_6.5.0.0-4.3.0.1_57133 which supposedly allowed wildcard certs.

 

My only other thought is to purchase a public cert (not a wild card) and test.

 

I have been on the phone with Aruba and we can't figure it out.

 

Any help would be much appreciated.

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: securelogin.domain.com redirect fails with wildcard certificate - captive portal

New Contributor
Posts: 4
Registered: ‎09-26-2016

Re: securelogin.domain.com redirect fails with wildcard certificate - captive portal

Hi,

 

I've tried adding the "captiveportal-login.domain.com" but receive a new error:

 

"Your connection is not private.... NET::ERR_CERT_AUTHORITY_INVALID"

 

I can proceed and get connected, but we would like to not have any messages when connecting to Guest.

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: securelogin.domain.com redirect fails with wildcard certificate - captive portal

Is your wildcard certificate issued from a well-known public CA?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 4
Registered: ‎09-26-2016

Re: securelogin.domain.com redirect fails with wildcard certificate - captive portal

Yup it is... GoDaddy. Could it be that the cert I uploaded is in the wrong format? I don't think mine has the intermediate root CA file.

 

1. private-key
2. public-cert
3. intermediate-root-ca-file 

 

I don't think mine is like this.  

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: securelogin.domain.com redirect fails with wildcard certificate - captive portal

Yes it could be. Please follow the instructions in the FAQ.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 4
Registered: ‎09-26-2016

Re: securelogin.domain.com redirect fails with wildcard certificate - captive portal

Hi Cappalli,

 

I combined my public wildcard cert with the root and intermediate certs into one file (pretty much just copy and paste them into one) with the private key.  Uploaded that cert to Airwave and pushed it to the virtual controller.  This resolved the issue.

 

Thanks for your assistance on this issue.
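
A pre-upload check for the kind of combined PEM file described in the last post, as an added example that is not part of the original thread or of Aruba's tooling: it confirms the file holds one private key and that the wildcard certificate is followed by its issuing CA certificate, in the conventional leaf-first order. It compares raw issuer and subject names only (no signature or key-match verification); all function names are hypothetical, and the sample input is constructed, with made-up CA names.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def tlv(buf, off):  # read one DER TLV: (tag, value_start, value_end)
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def issuer_subject(der):  # raw issuer and subject Name bytes of a certificate
    _, off, _ = tlv(der, 0)                # Certificate SEQUENCE
    _, off, end = tlv(der, off)            # tbsCertificate SEQUENCE
    fields = []
    while off < end and len(fields) < 5:
        tag, _, nxt = tlv(der, off)
        if tag != 0xA0:                    # skip optional [0] version
            fields.append(der[off:nxt])
        off = nxt
    return fields[2], fields[4]            # serial, sigAlg, ISSUER, validity, SUBJECT

def lint_bundle(pem_text):  # list of findings; empty means the bundle looks complete
    blocks = PEM_RE.findall(pem_text)
    keys = [b for label, b in blocks if label.endswith("PRIVATE KEY")]
    certs = [issuer_subject(base64.b64decode("".join(b.split())))
             for label, b in blocks if label == "CERTIFICATE"]
    findings = []
    if len(keys) != 1:
        findings.append(f"expected 1 private key, found {len(keys)}")
    if not certs or (len(certs) == 1 and certs[0][0] != certs[0][1]):
        findings.append("no issuing CA certificate follows the leaf")
    if any(a[0] != b[1] for a, b in zip(certs, certs[1:])):
        findings.append("certificates are not in leaf-to-root order")
    return findings

# Constructed sample input: toy DER with the tbsCertificate field order, not real certificates.
def _der(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths are enough here
def _pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"
def toy_cert(subject, issuer):
    name = lambda s: _der(0x30, _der(0x0C, s.encode()))
    tbs = _der(2, b"\x01") + _der(0x30, b"") + name(issuer) + _der(0x30, b"") + name(subject)
    return _pem("CERTIFICATE", _der(0x30, _der(0x30, tbs)))
KEY = _pem("PRIVATE KEY", b"constructed-placeholder")
LEAF = toy_cert("*.domain.com", "Constructed Intermediate CA")
INTERMEDIATE = toy_cert("Constructed Intermediate CA", "Constructed Root CA")
```

`lint_bundle(KEY + LEAF)` reports the missing issuing CA certificate, while `lint_bundle(KEY + LEAF + INTERMEDIATE)` returns no findings.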
