Frequent Contributor II

Cert for Captive portal with internal DNS

Hey all,

What is the best way to go about generating a cert for my captive portal on my controller that only has an internal domain name?

Thanks,

rafael

Guru Elite

Re: Cert for Captive portal with internal DNS

Whatever name the client devices will use to access the controller should
be what you use for the CN of the cert.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II

Re: Cert for Captive portal with internal DNS

OK, and what name will clients use in terms of captive portal?

Guru Elite

Re: Cert for Captive portal with internal DNS

The captive portal will use the CN of the certificate that you have selected for the controller. If you use the DNS name of your controller, you can use the cert for both Mgmt UI and captive portal without getting SSL errors.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II

Re: Cert for Captive portal with internal DNS

Right, and therein lies the problem (pgh-local.mycompany.int). We have an internal domain that is .int and since .int is actually a usable external DNS suffix I can't get a cert from a public CA or whatever Thawte and Go Daddy are...

rafael

Guru Elite

Re: Cert for Captive portal with internal DNS

Do you have a public facing domain name though? You could always do a
generic wireless.domain.com just for the captive portal. The DNS name
doesn't have to actually exist.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II

Re: Cert for Captive portal with internal DNS

Really? Hmmm, how does that work?

Thanks,

rafael

Guru Elite

Re: Cert for Captive portal with internal DNS

It's part of the captive portal redirect process.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II

Re: Cert for Captive portal with internal DNS

"Do you have a public facing domain name though? You could always do a
generic wireless.domain.com just for the captive portal. The DNS name
doesn't have to actually exist."

I mean if I use wireless.mydomain.com don't I need a corresponding "A" record in DNS so the client can find the captive portal?

rafael

Guru Elite

Re: Cert for Captive portal with internal DNS

No. The controller will intercept traffic and dst-nat it to the controller.
The client never directly navigates to the CP.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
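
A pre-deployment check for the naming point made in this thread, as an added example that is not part of any post above and not Aruba code: it tests whether a certificate covers the hostname clients will be redirected to. It goes beyond the thread's CN-only wording by also checking subjectAltName, which TLS clients consult first; `wireless.example.com` and the certificate dicts are constructed placeholders.

```python
# Added example. Cert dicts below are constructed, in the shape that
# ssl.SSLSocket.getpeercert() returns; wireless.example.com is a placeholder.

def cert_names(cert):
    """Names a TLS client checks: SAN dNSName entries if present, otherwise
    the subject CN (legacy fallback that current browsers no longer honour)."""
    san = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san, "SAN"
    cn = [v.lower() for rdn in cert.get("subject", ())
          for k, v in rdn if k == "commonName"]
    return cn, "CN"

def name_matches(pattern, host):
    """Label-by-label match; '*' may replace only the whole left-most label."""
    p = pattern.split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covers(cert, portal_host):
    """Return (matched, source) for the name clients are redirected to."""
    names, source = cert_names(cert)
    return any(name_matches(n, portal_host) for n in names), source

INTERNAL_CERT = {"subject": ((("commonName", "pgh-local.mycompany.int"),),)}
PORTAL_CERT = {
    "subject": ((("commonName", "wireless.example.com"),),),
    "subjectAltName": (("DNS", "wireless.example.com"),),
}
# CN looks right, but the SAN list is what gets checked, so this one fails.
SAN_MISMATCH_CERT = {
    "subject": ((("commonName", "wireless.example.com"),),),
    "subjectAltName": (("DNS", "mgmt.example.com"),),
}

if __name__ == "__main__":
    portal = "wireless.example.com"
    for label, cert in [("internal", INTERNAL_CERT), ("portal", PORTAL_CERT),
                        ("san-mismatch", SAN_MISMATCH_CERT)]:
        ok, source = covers(cert, portal)
        print(f"{label:13} {'OK' if ok else 'MISMATCH'} (checked {source})")
```

A result of `(True, "CN")` means the certificate matches only through the subject CN, so it should be reissued with a SAN entry for the portal name before clients see it.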