Security

Reply
lhb
New Contributor
Posts: 4
Registered: ‎10-27-2014

Clearpass guest captive page https ssl certificate with verisign cert access via internal network

Hello,

 

We have installed clearpass for the purpose of using it for guest access. The current setup has the CPPM connected to internal network.  I have got a trusted certificate fro verisign/symantec and installed it for the purpose of using it for the guest captive portal authentication.  I have setup our guest access on our sites and would like to authenticate guests and allow sponsors to approve their access.  I have setup a testbed for this purpose and found would like to know how I can go about getting the certificate to be valid when used with an internal (non-public) IP.  When the guests attach to the network they are directly on the internet vlan at the site which has no connection to our internal network.  How is it possible to get the guests to the internal CPPM server for the captive portal?  I have tested it now and it is working by getting the AP to NAT the guest requests and using the IP Address of the CPPM server.  However, when we have the certificate we need to use the FQDN of the CPPM server to ensure the certificate can be validated.  How can I get this to work?  Is it by pointing the Guest Users' DNS server to an internal server and allow this to work via policy? or is there a better way of doing this.

 

Thanks,

Liban.

 

 

Guru Elite
Posts: 8,192
Registered: ‎09-08-2010

Re: Clearpass guest captive page https ssl certificate with verisign cert access via internal networ

You can either make a public DNS entry or use the DNS proxy feature of your upstream router to add a static entry for ClearPass.

I've done both. They work equally well.

Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Clearpass guest captive page https ssl certificate with verisign cert access via internal networ

What wireless hardware are you using?
Thanks,

Zach Jennings
lhb
New Contributor
Posts: 4
Registered: ‎10-27-2014

Re: Clearpass guest captive page https ssl certificate with verisign cert access via internal networ

Hello Tim,

 

Thanks for your suggestion.  I have now registered the clearpass in DNS with a private address and it works as you suggested.  I can now get to the clearpass captive portal via FQDN and there are no issues with the certificate validity.

 

Thanks,

Liban.

lhb
New Contributor
Posts: 4
Registered: ‎10-27-2014

Re: Clearpass guest captive page https ssl certificate with verisign cert access via internal networ

Hello Zack,

 

I am using Aruba Instant APs 204 and 205 with the virtual controller option.

 

Regards,

Liban.

Search Airheads
Showing results for 
Search instead for 
Did you mean: