Requirement of customer own certificate for captive portal

Aruba Employee

The controller uses CN of the certificate in the http 302(temporarily move) message. The client will do a DNS lookup of this name; the controller will intercept this and return the DNS reply with its switch IP. This is how captive portal works. 

So the CN of the certificate need to be in FQDN format. Otherwise, the client will NOT trying to resolve it. 

Just in case the CN of the certificate is not in the FQDN format, we can use the following workaround: 

In the customer DNS server, make sure that in the zone that serves the wirelsss client, there’s a name to match the CN of the controller certificate.  The IP address of this CN should be the controller switch IP. 

When the wireless user tries to resolve the CN, it will append the domain name. The controller won’t intercept it but the real DNS server will return the correct IP address so the user can still try to connect to the controller and get the captive portal page.

Version history
Revision #:
1 of 1
Last update:
‎07-10-2014 09:18 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.