Security

Reply
MVP
Posts: 3,009
Registered: ‎10-25-2011

Certificate error

Hello im getting in a iphone this error  when the user is already authenticated , the user says it pop ups now and then

exchange.PNGIn english it says

Impossible to verify the identity of the server

Exchange cannot verify the identitty of "secureloging.arubanetworks.com

 

Options given

Details and cancel

 

Anyone ? :(

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Certificate error

Have you replaced the default controller certificate?

Are you using ASO?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Certificate error

Have you replaced the default controller certificate?

Are you using ASO?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 3,009
Registered: ‎10-25-2011

Re: Certificate error

For now we are using  a selft signed certificate...

But i have never seen geting that error ever before...

This is on the guest network we are using clearpass.

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 3,009
Registered: ‎10-25-2011

Re: Certificate error

The outlook of the iphone is sending that error i beailve

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 3,009
Registered: ‎10-25-2011

Re: Certificate error

Tim whats ASO??

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 515
Registered: ‎11-04-2011

Re: Certificate error

Carlos,

 

Two things: you client is presented with the securelogin.arubanetworks.com, and that certificate should be replaced in order to get rid of certificate warnings. Check the cert revocation FAQs on this forum for more information on why you need that certificate and how to create them.

 

Second, what is probably happening is that something in the background is setting up an HTTPS connection which gets redirected by the AP or controller. Please check this post:  https://community.arubanetworks.com/t5/Technology-Blog/Captive-Portal-why-do-I-get-those-certificate-warnings/ba-p/268921 to read why this is, and that removing/disabling the redirect for HTTPS (leaving only redirects for HTTP) might be a good idea.

 

Herman

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
MVP
Posts: 3,009
Registered: ‎10-25-2011

Re: Certificate error

Hello Hernan

Thanks for the reply

We will put a certificate this is just temporary

 

Anyways eve if we put a certificate, wouldnt the user still get that same message but instead of secureloging.arubanetworks.com it will be the name of the new certificate?? or that will not happen?

If we want to continue using https instead of http becasue on http the user and password will be on plain text over the air, is there a solution to this kind of error?

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 515
Registered: ‎11-04-2011

Re: Certificate error

You are correct that if you change the certificate that it is likely that the name in the error will change from securelogin.arubanetworks.com to the name of your certifcate.

 

And no, there is no solution if you want to redirect SSL traffic, because that is how SSL is designed:  https://community.arubanetworks.com/t5/Technology-Blog/Captive-Portal-why-do-I-get-those-certificate-warnings/ba-p/268921

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
MVP
Posts: 3,009
Registered: ‎10-25-2011

Re: Certificate error

[ Edited ]

So there is no fix to this?

The user cannot even use safari becuase of this(or at least that what they just told me, i would need to check it mysleft)...  so the guest network is useless for the ones that get this error for now.

 

I cannot use HTTP only because then the user and pass are send in plain text, and the client doest not want that.

 

Anyone else got ideas?

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Search Airheads
Showing results for 
Search instead for 
Did you mean: