Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert

  • 1.  Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert

    Posted Sep 29, 2016 07:37 PM

     

    Hi everyone!

     

    I’m facing an issue regarding the recent securelogin revoked certificate.

    I followed Aruba’s recommendation and I now have a public wildcard certificate. I installed the certificate on the Virtual Controller for captive portal. On ClearPass, in the web login configuration, I replaced securelogin.arubanetworks.com with something.company.com in the “* Address:” field. My cert is *.company.com.

     

    Guest users associate to the SSID and are then redirected to the ClearPass login form. They validate their credentials and are then redirected to https://something.company.com/cgi-bin/login. Any kind of browser says:

    something.company.com’s server DNS address could not be found.

    DNS_PROBE_FINISHED_NXDOMAIN

     

    And then no access to the network.

     

    Before Aruba’s certificate was revoked, doing an nslookup for securelogin.arubanetworks.com returned the address 172.31.98.1, which points to the virtual controller.

     

    I’m confused… how do I get guest users connected with ClearPass and a public wildcard certificate? Is there any cookbook? I spent several hours googling and nothing came up.

     

    Thanks and best regards,

    JM



  • 2.  RE: Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert



  • 3.  RE: Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert
    Best Answer

    EMPLOYEE
    Posted Sep 29, 2016 11:02 PM


    tl;dr

     

    Wildcard Certificates are supported starting in Instant 6.5.0.0-4.3.0.0 Early Deployment code.



  • 4.  RE: Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert

    Posted Oct 24, 2016 06:27 PM

    Hi!

     

    Thanks everybody, indeed version 6.5.0 solved the issue.

    Everything is working well as expected.

     

    Thanks!

     

    JM 



  • 5.  RE: Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert

    Posted Feb 02, 2017 07:19 AM

    Hi.

     

    I am having the exact same issue that you had. The virtual controller does not intercept DNS traffic to server.somecompany.com (the value I changed it to in ClearPass).

     

    I am also running 6.5.0.0-4.3.0.0.

     

    After you installed the *-cert in the virtual controller, did you do anything else? Restart all APs, for instance?

     

    Best regards,

    Petter Miller



  • 6.  RE: Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert

    Posted Feb 02, 2017 07:51 PM

    Hi Petter.

     

    Please check something like this on Clearpass Guest Management:

     

    [Screenshot: q3.PNG]

     

    You must always use captiveportal-login.your.domain. I recommend you also install the cert on ClearPass (no big deal, it’s a *.cert); it is not mandatory for this case.

     

    If you accomplish this, I believe you have solved the issue.

    Let us know if you have been successful.

     

    Best regards,

     

    Joao Martins

     



  • 7.  RE: Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert

    Posted Feb 03, 2017 01:28 AM

    Hi Joao.

     

    captiveportal-login.your.domain resolved the issue. It now resolves captiveportal-login.your.domain to the internal VC address 172.31.98.1 which is correct. 

     

    I had already installed the *-cert on both the virtual controller and on Clearpass. Everything seems to be working fine now.

     

    Thanks for helping out.

     

    Best regards,

    Petter
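
Added example (not part of the thread and not Aruba code): a pre-flight check of the hostname entered in the ClearPass web login "Address" field against the three conditions the thread ends up relying on. The `captiveportal-login` label and the address 172.31.98.1 are taken from the posts above and treated here as assumptions; the function names and sample hostnames are made up for illustration.

```python
"""Pre-flight check for a captive-portal hostname (added example)."""
import socket

REQUIRED_LABEL = "captiveportal-login"  # first label required per the thread
EXPECTED_VC_IP = "172.31.98.1"          # VC address quoted in the thread (assumption)


def wildcard_match(pattern, host):
    """RFC 6125-style match: '*' is the whole leftmost label and covers one label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False            # *.company.com never covers a.b.company.com
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_portal_host(host, cert_names, resolved_ip):
    """Return a list of problems; an empty list means the hostname looks usable.

    resolved_ip is what a guest-SSID client gets for host (None for NXDOMAIN).
    """
    problems = []
    if host.lower().split(".")[0] != REQUIRED_LABEL:
        problems.append(f"first label is not '{REQUIRED_LABEL}'")
    if not any(wildcard_match(name, host) for name in cert_names):
        problems.append("certificate names do not cover this host")
    if resolved_ip is None:
        problems.append("name does not resolve (NXDOMAIN)")
    elif resolved_ip != EXPECTED_VC_IP:
        problems.append(f"resolves to {resolved_ip}, expected {EXPECTED_VC_IP}")
    return problems


def resolve(host):
    """Live lookup, meant to be run from a client on the guest SSID."""
    try:
        return socket.gethostbyname(host)
    except socket.gaierror:
        return None


if __name__ == "__main__":
    # Constructed inputs mirroring the two situations described in the thread.
    cert = ["*.company.com"]
    print(check_portal_host("something.company.com", cert, None))
    print(check_portal_host("captiveportal-login.company.com", cert, EXPECTED_VC_IP))
```

For a live check, pass `resolve(host)` as the third argument while connected to the guest SSID.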