Security

Reply
Regular Contributor II

Certificate for Captive Portal

I have 3 controllers (1 Master and 2 Locals). Do I need to have a different certificate for each controller for Captive Portal or do I need just one?

Re: Certificate for Captive Portal

You need one for each

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor II

Re: Certificate for Captive Portal

Thanks for the response. Do I need to have the CSR for the controller name or the SSID (Guest)?

Re: Certificate for Captive Portal


Controller

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite

Re: Certificate for Captive Portal

If you do the CSR on server where you can export the private key (IIS or
openssl, you could use the same cert on all 3. You could do something
generic like wireless. domain.com

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: Certificate for Captive Portal


jcameron wrote:

I have 3 controllers (1 Master and 2 Locals). Do I need to have a different certificate for each controller for Captive Portal or do I need just one?


You have a choice:

 

1.  One Certificate for each Controller, each with its own Subject as its FQDN or

2.  A Single Certificate, that can be installed on all of your controllers, but FQDNs for your controllers  entered in the SAN or Subject Alternate Name field on the CSR form at your Certificate Authority:  http://en.wikipedia.org/wiki/SubjectAltName

 

Please know that

 

- the CSR form for the controller does not have a Subject Alternate name field, so you cannot generate it there for option (2).  You would need to generate the CSR using the Certificate Authority's form...

- If you Generate a CSR from a controller, it will stay in there, so you cannot generate another unless you import a corresponding certificate

- Certificate Authorities charge more for additional subject alternate names, but not as much as an entire certificate, but shop around.

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor II

Re: Certificate for Captive Portal

Thanks, Colin. I created certs with the FQDN of each controller as the Common Name. Is this right?

Guru Elite

Re: Certificate for Captive Portal

Correct.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor II

Re: Certificate for Captive Portal

I got the certs they are in p7b format. When I upload them onto the controller then go Management -> General and try to change the cert for Captive Portal it does not show up.

Guru Elite

Re: Certificate for Captive Portal

Did you upload it as a "server cert"?

 

Also, make sure the root CA that signed the cert is uploaded as a "Trusted CA".


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: