Controllerless Networks

Occasional Contributor II
Posts: 18
Registered: ‎04-30-2017

Is a public certificate required for IAP cluster for ClearPass Guest

Hi,

I am going to integrate ClearPass Guest with an IAP cluster, and I have a public certificate on the ClearPass server, so I just want to know: do I require a public certificate for my IAP cluster too?
Aruba Employee
Posts: 512
Registered: ‎02-19-2015

Re: Is a public certificate required for IAP cluster for ClearPass Guest

It's not mandatory/required to have a public signed certificate installed on the IAP for ClearPass Guest.

In ClearPass, we have two certificates: HTTPS and RADIUS. We can have a self-signed one for HTTPS, if you are OK with client browser warning messages, but make sure to have a public signed RADIUS certificate, which is used for EAP-TLS/EAP-PEAP authentication.

Regards,

Pavan

Occasional Contributor II
Posts: 18
Registered: ‎04-30-2017

Re: Is a public certificate required for IAP cluster for ClearPass Guest

Hi Pavan,
Thanks for the response.

As per the ClearPass Guest workflow, ClearPass sends the response back to securelogin.arubanetworks.com, which resolves to the virtual controller host name, so if that VC doesn't have the public certificate then Chrome and iOS users will not be able to redirect to the desired URL.
Aruba Employee
Posts: 512
Registered: ‎02-19-2015

Re: Is a public certificate required for IAP cluster for ClearPass Guest

Hi,

I haven't come across such an issue; it should work. The client will be shown a warning message when they click the submit button on the captive portal page.

If you don't want clients to see any warning messages during redirections, I would recommend having a public certificate on both the IAP and CPPM.

Regards,

Pavan

Guru Elite
Posts: 8,765
Registered: ‎09-08-2010

Re: Is a public certificate required for IAP cluster for ClearPass Guest

Just some clarification here.

You should always use a public CA-signed certificate for HTTPS in ClearPass. The EAP server certificate can be either public or private depending on your environment.

You should also always use a public CA-signed certificate for captive portal on the IAP-VC / controller.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 18
Registered: ‎04-30-2017

Re: Is a public certificate required for IAP cluster for ClearPass Guest

Hi Cappalli,

I am using ClearPass Guest with IAP, so do I require an HTTPS public signed certificate on both ClearPass and IAP?
Guru Elite
Posts: 8,765
Registered: ‎09-08-2010

Re: Is a public certificate required for IAP cluster for ClearPass Guest

Yes. 1 for the captive portal function on IAP and 1 for HTTPS on ClearPass.

http://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/tac-p/293244


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480