a month ago
Due to the known issues with the securelogin.arubanetworks.com certificate, I am trying to install my own certificate onto an IAP (in conjunction with ClearPass at the back end).
However, I am running into some issues which I am trying to resolve, as well as trying to understand things I discovered during my investigation.
- To start, I first tested using the default pre installed securelogin.arubanetworks.com cert.
To my surprise, it no longer threw the revocation error.
Is this something that has been resolved?
But instead of the revocation error I did get a weak cipher error in Chrome and Firefox; IE9 did not seem to care and just continued.
(and the whole solution worked as designed, only with some annoying cert errors)
At this point I decided that it was still a good idea to continue installing my own cert (no weak cipher stuff, and putting myself in control of the cert stuff).
- So I installed my publicly signed wildcard certificate (*.mydomain.com), including the private key and root certs. And on ClearPass I changed the address to "securelogin.mydomain.com".
When testing, it showed me the ClearPass guest page and I authenticated successfully. But it threw a 'domain not found' error afterwards, when redirecting.
- Now I changed it to captiveportal-login.mydomain.com and the "domain not found" error is gone. Why is it that I need to use "captiveportal-login"?
- However, I'm still not there. When the guest portal authentication page pops up, I enter the correct credentials, and after submitting I receive the portal authentication page again, with the following error message: "login error. please retry."
ClearPass Access Tracker shows: "application guest access - web login: accept", but no RADIUS could be observed.
At the moment I'm out of ideas. Please advise.
a month ago
If you are using the wildcard cert then you need to use captiveportal-login.yourdomain, but if it is not a wildcard you should be able to use securelogin.yourdomain.
When you create a guest self-registration page, by default it will perform a RADIUS authentication; there's a template available for guest or guest with MAC caching.
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
a month ago
I managed to get this working.
It appeared the RADIUS config disappeared from the SSID after a reboot.
I added it again and all was working.
But one of my questions remains, when using a wildcard cert.
Why does the redirect need to go to "captiveportal-login.mydomain.com"?