Controllerless Networks

Reply
New Contributor

IAPs External captive portal and SSL certs

Hi,

     I've created an external Captive Portal with authicentaion via the VCs internal username and password. The Captive Portal is running on a external hosted Windows 2012 server with IIS.

My issue is that when a users connects they get an SSL cert error, my android device is telling me that my default webpage (google) does not match my wireless.xxx.com cert. Other users are getting similar messages. If you can proceed then the login page comes up and works correctly. Aruba support has told me to load the same cert onto both the VC and the Windows server but since the certificate has the same name but with different IP addresses how does it work.

 

My question is, in this setup do I require two different named SSL certs (one for the VC and one for the IIS). I assume also that my captive portal html has to point the "login html" (securelogin.arubanetworks.com) back to the VC IP\hostname is this the case or is this re-directed back to the VC.

 

The internal portal works with no issues with the same cert (wireless.xxx.com)

AP are 207 with 6.5.1.0-4.3.1.0_57768

Thanks in advance

Guru Elite

Re: IAPs External captive portal and SSL certs

If a user is attempting to navigate to an HTTPS page, they will receive an error. There’s nothing you can do about it unfortunately. The browser is doing exactly what it is supposed to do.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: IAPs External captive portal and SSL certs

Thanks for the quick reply, I thought as much. The problem with this is Chrome seems to block the user from continuing..Also Apple IOS devices don't seem to auto start the Captive portal page.

 

My problem here is the IAPs are in a conference centre and we want the user experience to be as smooth as possible. I assume the problem also exists with a Controller based system.

Re: IAPs External captive portal and SSL certs

Fully agree on that, it is a pain. For some more background, check this blog post.

 

The problem cannot be solved, what might work is either blocking or allowing HTTPS traffic in the Captive portal stage as a workaround.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: