My guest users are in a subnet that is non-routable on our internal network and therefore cannot reach my clearpass server. I have successfully created a GRE tunnel b/w my controller and clearpass. Guest users get redirected to a login page using the CPPM GRE tunnel IP. My questions is what do others do so that the guest users do not get a certificate warning when hitting https://<tunnelIP>/guest/login.php. We currently use Symantec/Versign for obtaining certificates and they no longer allow an IP address in the SAN field. Just curious what others do in this situation.
That's correct most Third party SSL companies do not accept IPs anymore.
You will need to use a dns name , what you can do is probably NAT the dns traffic just to reach the ClearPass server
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.