09-19-2016 08:48 AM
On september 8th the default cert securelogin.arubnetworks.com was revoked. Users have been having issues connecting to our guest networks because we were still using that cert (I know...).
I have since managed to create a PEM file with our wildcard cert using this procedure https://www.digicert.com/ssl-support/pem-ssl-creat
I followed the steps listed here https://community.arubanetworks.com/t5/AAA-NAC-Gue
1. Clearpass shows a page that says "Please wait whil we log you onto the network" or
2. A browser error page that says "Unable to find host"
From what I can see everything seems in order but I feel there should be a DNS record about captiveportal-login.xyz.com somewhere.
Any help appreciated
Solved! Go to Solution.
09-19-2016 08:50 AM
09-22-2016 07:35 AM
We bought a public cert and uploaded it to our instants and it's currently working.
We also have an m3 controller that offloads to Clearpass for guest auth, documentation that I have found suggests I need to upload the cert as a "Server Cert" but I get an error saying there is a problem with the cert format.
I was able to upload it as a public cert, but it won't let me use it for captive portal.
09-22-2016 09:51 AM
09-27-2016 02:49 PM
Just an update. Instant 4.3 was released this week which added support for wildcard certificates with captive portal. The FAQ has been updated.
As in 18.104.22.168-4.3? Didn't find anything in the release notes about it.
10-07-2016 06:07 AM
When you upload a wildcard certificate for the captive portal, the IAP uses the hostname "captiveportal-login.domain.com". You should put that captiveportal-logon.domain.com hostname in ClearPass
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base