Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass - Guest Self-Provisioning Cert Issue

This thread has been viewed 0 times

  • 1.  ClearPass - Guest Self-Provisioning Cert Issue

    Posted Dec 10, 2014 04:43 PM

    After guests attach to the Guest SSID they are redirected to ClearPass for the employee sponsorship piece.  When the redirection happens the guest is prompted with a cert warning (general warning saying 'click here to proceed (not recommended)'.  When proceeding to the self-registration page it works just fine, however I'm looking for a way to elminate the cert from the equation.  I noticed that the guest is redirected to internal data plane IP of the ClearPass server via HTTPS. Is there a way to redirect to the hostname?  Guests aren't going to our internal IP's and will always get cert errors in the process.  Trying to make this as streamlined as possible. 



  • 2.  RE: ClearPass - Guest Self-Provisioning Cert Issue
    Best Answer

    Posted Dec 10, 2014 04:56 PM

    You can configure your captive portal profile on the controller to not require HTTPS and also configure CP Guest to do the same.   Alternatively you can install a publically trusted certificate.

     

    Controller:

    aaa authentication captive-portal "<Your-CP-Profile>"

       protocol-http

       login-page "http://hostname/guest/guest_page.php"

     

    ClearPass Guest:

    Configuration --> Authentication

     

    cppm-no-https.png

     

     

     

     



  • 3.  RE: ClearPass - Guest Self-Provisioning Cert Issue

    Posted Dec 10, 2014 05:28 PM

    You are amazing.  Works like a champ.  THANK YOU for the quick response!!