Security

Reply
MVP
Posts: 2,954
Registered: ‎10-25-2011

Clearpass Guest certificate error for guest visitors

Hello

we have got  a client which doesnt want that the typical certificate error appears to their guest

Like when you selft register you are redirected to the captive portal of the clearpass but before that the guest get this

certificteerror.png

 

I bealive and im just verifiying with you guys that you just need to buy a public certificate like Verisign or godaddy as the certificate presented to the guest right now is the aruba one and as they do not have that root certificate on their machines they get that error.  IF i had a public one installed  on the clearpasss then i would not have this certificate error right?

 

Another question if that is correct

What type of certificate we should buy for this???

 

Any other thing i need to take in mind for this?

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: Clearpass Guest certificate error for guest visitors

Yes, you would need a publicly signed certificate. In this case, you would need a SAN certificate with both the IP address(es) and DNS name(s) (since it appears you are using the IP address in the redirect).

 

Keep in mind that most CAs will not issue certificates with private IPs in the SAN field.

 

Your other option is to disable SSL if you're not capturing sensitive information.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 2,954
Registered: ‎10-25-2011

Re: Clearpass Guest certificate error for guest visitors

When you say 2 ip address you mean clearpass ip address and which other ip address?

What i got configured is on the captive portal profile a redirect to https://ip address of the clearpass/guest/login.php  on the controller which points to the clearpass.

Is there any technote about that???

 

 

Cheers

Carlos

 

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: Clearpass Guest certificate error for guest visitors

Why are you using IP address and not DNS name?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 2,954
Registered: ‎10-25-2011

Re: Clearpass Guest certificate error for guest visitors

I could change it, not a problem.  But the ip is not gonna change.   Any advantage of using the dns in this case?

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: Clearpass Guest certificate error for guest visitors

If you use the DNS name of the VIP, you only need a basic SSL certificate (~$99).


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 2,954
Registered: ‎10-25-2011

Re: Clearpass Guest certificate error for guest visitors

There we go then :)

 

Right now they got the dns name configured in their DNS server

 

For now the clients are using a public dns server.  With ip address i dont have any issue with that.

 

If i put the DNS name then  i would need to chnage the DNS server of the DHCP server of the clients to point the internal dns server so they can resolve who is the clearpass.

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: Clearpass Guest certificate error for guest visitors

Does the router handling your guest network support DNS proxy? If so, just add in a static DNS entry pointing to ClearPass and point the guest users to the router for DNS.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 2,954
Registered: ‎10-25-2011

Re: Clearpass Guest certificate error for guest visitors

Well the controller is doing that.   Does the controller support this? never configured it before though.

 

On the controller I got it configure this way.

A vlan that only exist in the controller, and im natting the guest users throught the ip of the controller.

 

Another question the VIP on an stand alone Clearpass is already configured? i mean  i just configured the normal ip address on the clearpass and thats it.

Im not using  a VIP as i dont  have 2 nodes or anyhthing of that.  So is not configured.

 

 

Cheers

Carlos

 

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Moderator
Posts: 477
Registered: ‎11-09-2012

Re: Clearpass Guest certificate error for guest visitors

Here is my Technote in CPPM PKI. Please always check for TechNotes.

 

 

CPPM - Certificates 101 Technote V1.0 .pdf

 

All other TechNotes here.... 

 

http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Default.aspx?EntryId=7961

 

 


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: