Hi,
I have the following on my Aruba controller:
login-page "https://192.168.203.30/guest/guest.php"
Whenever a user connects, his browser gets a warning in IE or Chrome because the ClearPass server HTTPS certificate has CN=wifi-003 instead of 192.168.203.30. It is possible to continue, but it is not a nice setup.
The logical solution would be to create a self-signed certificate and register the name in DNS.
Here comes the problem... The certificate signing server is in a domain which is not externally available. So let's assume it's in domain contosa.com. This domain is only available internally.
So I could create a self-signed certificate wifi-003.contosa.com and change the login-page to:
login-page "https://wifi-003.contosa.com/guest/guest.php"
but nobody could resolve it, since the guest network only has Google's DNS servers for resolving.
I do not have any details on what a browser verifies, but I assume creating a self-signed certificate on the certificate server in domain contosa.com with CN=wifi-003.contosanew.com also would not work?
I noticed, however, that the SAN option in the CSR is available in ClearPass. Can this one be used to specify an FQDN which we do own? And then specify that FQDN in the login-page?
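
The name check a browser applies to the login-page URL, written out as an added example that is not part of the original post: the host in the URL is compared with the certificate's subjectAltName entries (dNSName for hostnames, iPAddress for literal IPs, per RFC 2818/RFC 6125). The function names and the certificate contents passed in are constructed for illustration, and the sketch covers name matching only, not whether the guest device trusts the issuing CA.

```python
import ipaddress
from urllib.parse import urlsplit


def _dns_match(pattern: str, host: str) -> bool:
    """Compare one dNSName SAN entry with the requested hostname.

    A '*' is honoured only as the entire left-most label, and never
    directly above a top-level domain (so '*.com' matches nothing).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def name_matches(url: str, san_dns=(), san_ip=()) -> bool:
    """True if the host in `url` is covered by the certificate's SAN entries.

    The subject CN is deliberately not an input: Chrome (since version 58)
    matches only SAN entries, so a CN-only certificate fails this check.
    """
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Hostname in the URL: only dNSName entries are considered.
        return any(_dns_match(p, host) for p in san_dns)
    # IP literal in the URL: only iPAddress entries are considered.
    return any(addr == ipaddress.ip_address(ip) for ip in san_ip)


if __name__ == "__main__":
    ip_url = "https://192.168.203.30/guest/guest.php"
    fqdn_url = "https://wifi-003.contosa.com/guest/guest.php"
    # Constructed certificates: (description, url, dNSName SANs, iPAddress SANs)
    for label, url, dns, ips in [
        ("CN=wifi-003, no SAN", ip_url, (), ()),
        ("SAN iPAddress set", ip_url, (), ("192.168.203.30",)),
        ("SAN dNSName set, IP URL", ip_url, ("wifi-003.contosa.com",), ()),
        ("SAN dNSName set, FQDN URL", fqdn_url, ("wifi-003.contosa.com",), ()),
    ]:
        print(f"{label:28} {url:48} match={name_matches(url, dns, ips)}")
```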