Controllerless Networks

Reply
New Contributor

Aruba Central + Guest Portal, Certificate Management

Hi All,

I'm currently in the process of testing Aruba Central (MSP mode) with the "hosted" Guest Portal feature.

I'm using IAP-315s updated to the recommended firmware.

It all seems straight forward and works well, except for the Certificate Error message that comes up due to the included Aruba Certificate not being trusted.

For a good guest experience, I would like to obviously ensure that there is no certificate error message.

The Aruba Central documentation is pretty light in this area (I'm guessing because it’s a fairly new feature) so I would appreciate if someone could confirm if the following process is correct.

  1. Using OpenSSL, Create an CSR and submit to your Public Root Certificate Authority
  1. Get the signed certificate back from the CA, and add the certificate to the Aruba Central Portal: Customer -> Network Management -> Configuration  -> [Group Name] -> Wireless -> Security
  2. Add the Public Root CA certificate as a CA Certificate
  3. And the newly signed certificate from the original CSR as a Server Certificate
  4. Open an Aruba TAC ticket to activate the new certificate for Cloud Guest Service

 

Is this process correct? What is the typical turn-around to get the CName added to the configuration?

 

Regards,

Rowan Sakul

New Contributor

Re: Aruba Central + Guest Portal, Certificate Management

Hi!
I´m in the same situation, doing a POC with a customer and they want to try the cloud guest portal and I need to add our own certificate.

Like you said the documantation is pretty light on this subject

 

Brgds

Contributor I

Re: Aruba Central + Guest Portal, Certificate Management

An answer for this question would be pretty good.

Anyone was able to upload a certificate and get rid of the certificate message ?

Guru Elite

Re: Aruba Central + Guest Portal, Certificate Management

A certificate is now provided in Aruba Central for use with Cloud Guest.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Aruba Employee

Re: Aruba Central + Guest Portal, Certificate Management

Team,

 

Just following up to see if anybody has had success in getting the CA cert loaded into Cental

New Contributor

Re: Aruba Central + Guest Portal, Certificate Management

We haven't tried using the new provided certificate yet.

To get our own working correctly, we had to load into a Windows machine, then export it with the full certificate chain to include all of the relevant root and intermediate certificates.

With the resultant .pfx we loaded into Aruba Central in the PKCS12 Certificate File Format.
We also had a password on the .pfx file

Aruba Employee

Re: Aruba Central + Guest Portal, Certificate Management

The new certificate is again shared by all devices sold by Aruba and uses securelogin.hpe.com as the URL, instead of old compromised securelogin.arubanetworks.com.

 

You can verify what the IAP is using, by using command show captive-portal-domains on IAP.

 

I am attaching a picture of Central configuration needed to push down the new certificate to the IAP. This shall remove the SSL error you see, even opening a HTTP site on first go.

 

Capture.PNG

 

PS: Aruba recommends you upload your own certificates instead of using Aruba provided certficates, which are shared among large number of devices.

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: