Security

hey all,

 

what is the best way to go about generating a cert for my captive portal on my controller that only has an internal domain name?

 

Thanks,

 

rafael

Whatever name the client devices will use to access the controller should
be what you use for the CN of the cert.

ok, and what name will clients use in terms of captive portal?

The captive portal will use the CN of the certificate that you have selected for the controller. If you use the DNS name of your controller, you can use the cert for both Mgmt UI and captive portal without getting SSL errors.

Right, and there in lies the problem (pgh-local.mycompany.int).  We have an internal domain that is .int and since .int is actually a usable external DNS suffix I can't get a cert from a public CA or whatever Thawte and Go Daddy are...

 

rafael

Do you have a public facing domain name though? You could always do a
generic wireless.domain.com just for the captive portal. The DNS name
doesn't have to actually exist.

Really? hmmm, how does that work?  

 

thanks,

 

rafael

It's part of the captive portal redirect process.

"Do you have a public facing domain name though? You could always do a
generic wireless.domain.com just for the captive portal. The DNS name
doesn't have to actually exist."

 

i mean if I use wireless.mydomain.com don't I need a corresponding "a" record in DNS so the client can find the captive portal?

 

rafael

No. The controller will intercept traffic and dst-nat it to the controller.
The client never directly navigates to the CP.

Achah! that makes sence.  

 

Thanks,

 

rafael