04-30-2017 11:29 AM
I am going to integrate Clearpass Guest with IAP cluster and I have public certificate on clearpass server so I just want to know that do I require public certificate for my IAP cluster too?
Solved! Go to Solution.
04-30-2017 12:32 PM
Its not manditory/required to have public signed certificate to be installed on IAP for Clearpass Guest.
In clearpass, we have two certificates https/radius. We can have self-singed for https, if you are OK with client brower warning messages but make sure to have public singed radius certificate which is used for EAP-TLS/EAP-PEAP authentication.
04-30-2017 01:14 PM
Thanks for response.
As per clearpass guest workflow, clearpass send response back to secure login.arubanetworks.com and which resolved to virtual controller host name so if that vc don't have the public certificate then crome and iOS user will not able to redirect to desire URL.
05-01-2017 02:32 AM
I havent come across such issue, it should work. Client will be displayed with warning message when they click submit button on captive portal page.
If you dont want client to see any warning messages during redirections, I would recommand to have public certificate both on IAP and CPPM.
05-01-2017 05:45 AM - edited 05-01-2017 05:46 AM
Just some clarification here.
You should always use a public CA-signed certificate for HTTPS in ClearPass. The EAP server certificate can be either public or private depending on your environment.
You should also always use a public CA-signed certificate for captive portal on the IAP-VC / controller.
05-01-2017 07:33 AM
Yes. 1 for the captive portal function on IAP and 1 for HTTPs on ClearPass.