09-09-2016 04:01 PM
We use a mix of IAP-105 and 205 access points in several locations broadcasting multiple SSIDs. The guest network is using "Internal - Authenticated" with a local user account for authentication. Since it was not high priority we never bothered to fix the certificate errors generated by the included demo certificate that was recently revoked.
I'm now trying to apply certificates to the units and after much trial and error was able to generate, combine, and apply the necessary keys and certificates to the virtual controller. This worked very well for the admin pages/virtual controller but no so well for the captive portal.
Since we already have a wildcard certificate I requested a duplicate and added "securelogin" as a SAN on the certificate. This works perfectly for the VC but the captive portal redirects to the wildcard/asterisk (*.domain.com instead of securelogin.domain.com).
Is there a way to reuse this certificate and force the IAP to use the alternative name on the certificate or a specific subdomain covered by the wildcard? For example, site1.domain.com, site2.domain.com, etc.domain.com so I don't have to issue individual certificates?
If I can get that far, will the units redirecting users to these pages handle their own name registration, knowing it is a loopback, or will I need to change the DNS and register the names for each AP so the clients can find the URL?
Thanks ahead of time for any assistance.
09-09-2016 04:06 PM - edited 09-09-2016 04:45 PM
09-09-2016 04:12 PM
In a word, no wildcard for Captive Portal Certificate: http://community.arubanetworks.com/t5/Controller-less-WLANs/Do-we-support-wildcard-cert-on-IAP-for-captive-portal/ta-p/234370
We cannot redirect to a SAN. The hostname needs to be defined on the cert for the captive portal.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base