07-12-2011 07:50 AM
It is well Documented about the Expiration of the securelogin.arubanetworks.com Certificate on June 29, 2011. I have downloaded and attempted to install two new certificates on both controllers, secureMaster.domain.com and secureLocal.domain.com. I have also changed both controllers to use the Newly created and updated Certificates for the Captive Portal and WebUI Management. On the internal network DNS server I have added new Host records to link the SecureMaster.domain.com and SecureLocal.domain.com names so when I manage the devices in IE I can use the Host name instead of the IP address. When I open those pages I am seeing the new Certificates correctly. No "There is a problem with this website's security certificate"
My problem is on my Guest Network. When a device connects into the Guest network and they bring up a website they are still being redirected to securelogin.arubanetworks.com instead of the new common name I created. If I click threw the Certificate error i am able to see the captive Portal. When I view the Certificate it shows me the Certificate was issued to securelocal.domain.com it also is telling me "this Certificate cannot be verified up to a trusted Certification authority." It should be noted when I uploaded the issue certificates to the controllers I also updated the TrustedCA certificate that was sent allong with the issued Certificated.
Currently I have one port interface setup on both controllers for Guest Network with a VLAN than is not on my Main Hospital network. on that interface both controllers plug into a "guest Network" Network switch which then is pluged into on of the interfaces on my ASA5510 Firewall. That Interface on that Firewall only allows traffic to pass out to the WAN interface. the ASA5510 is also setup as the DHCP server, which is giving the client a DNS ip address from OpenDNS.com to provide some dns name webfiltering.
Can anyone offer any suggesting on what I am missing. And why Clients are not being redirected to securelocal.domain.com
07-12-2011 10:51 AM
1. I installed the Trusted Root Certificate on the Device that is accessing the Guest network. that took care of the "this Certificate cannot be verified up to a trusted Certification authority" error message.
2. Created a new Captive Portal Page. It was a reach but figure I would give it a try to make sure it wasn't something I had inadvertently added to the Custom CP page I created Orginally. like expected It did make any difference.
3. while at the Captive Portal Page I change the address bar from Https://securelogin.arubanetworks.com/cgi-bin/something/something/something and change the securelogin.arubanetworks.com to securelocal.domain.com and leave everything else alone and reload the page. The page will load with the correct address without the "the Security Certificate presented by this website was issued for a different website" error.
The controller appears to be able to resolve the securelocal.domain.com correctly on the guest network. But for some reason or not it is not defaulting to the securelocal.domain.com when are redirected to the captive portal the first time around.
07-14-2011 06:41 AM
I am out of ideas and just need suggestion. I have a feeling its something with my configuration and not so much a bug in the OS. But I have nothing to go on at this point.
07-14-2011 08:23 AM
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base