03-25-2015 05:23 AM
My guest users are in a subnet that is non-routable on our internal network and therefore cannot reach my clearpass server. I have successfully created a GRE tunnel b/w my controller and clearpass. Guest users get redirected to a login page using the CPPM GRE tunnel IP. My questions is what do others do so that the guest users do not get a certificate warning when hitting https://<tunnelIP>/guest/login.php. We currently use Symantec/Versign for obtaining certificates and they no longer allow an IP address in the SAN field. Just curious what others do in this situation.
03-25-2015 06:06 AM
to make the GRE tunnel method work 100%.
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
03-25-2015 06:08 AM
That's correct most Third party SSL companies do not accept IPs anymore.
You will need to use a dns name , what you can do is probably NAT the dns traffic just to reach the ClearPass server
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA