Product and Software: This article applies to all Aruba controllers and ArubaOS versions after 2.5.x.
ArubaOS is shipped with a default certificate issued by GeoTrust, which is issued for the server name/CN "securelogin.arubanetworks.com". This certificate is tied back to all the SSL modules on the Aruba controller, for example, secure access to the controller (HTTS) and dot1x EAP-Termination.
For any standard browser, the first step in server validation is for the browser to check the requested domain-name against the one presented by the certificate. When you access the Aruba controller through its IP, the browser warns you that the name of the site you are trying to access through the address bar (which in our case is the IP of the controller) and the one presented by the site through its security certificate (which is "securelogin.arubanetworks.com") do not match. The error is valid from browser's perspective, because it is programmed to warn the user each time about the mismatch.
No code change introduced this problem. What changed is that earlier you were allowed to do Http access to the controller. Now the software redirects this Http request to Https, which forces the user to do an SSL to the controller for security reasons.
When this error is displayed, there are three actions we can take:
- Ignore this error message each time when it prompts on the browser, which can be annoying when you access the site all the time.
- Issue a new certificate to the controller and tie it to the SSL module. Add the CN of the certificate to the DNS pointing back to the controller's IP, and from now on access the controller through the CN itself.
- Make a DNS entry for "securelogin.arubanetworks.com" on the DNS server and point that to the Aruba controller's IP. Then always access the Aruba controller with the name "securelogin.arubanetworks.com".