New Contributor
Posts: 3
Registered: ‎06-03-2016

Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert

 

Hi everyone!

 

I’m facing an issue regarding the recent securelogin revoked certificate.

I followed Aruba’s recommendation and I now have a public wildcard certificate. I installed the certificate on the Virtual Controller for captive portal. On Clearpass, web login configuration, I replaced securelogin.arubanetworks.com with something.company.com –“*  Address: ” field. My cert is *.company.com.

 

Guest users associate to the SSID and then they are redirected to the ClearPass login form. They validate their credentials and are then redirected to https://something.company.com/cgi-bin/login. Any kind of browser says:

something.company.com’s server DNS address could not be found.

DNS_PROBE_FINISHED_NXDOMAIN

 

And then no access to the network.

 

Before Aruba’s certificate was revoked, doing an nslookup for securelogin.arubanetworks.com returned the address 172.31.98.1, which points to the virtual controller.

 

I’m confused… how do I get guest users connected with ClearPass and a public wildcard certificate? Is there any cookbook? I spent several hours googling and nothing comes up.

 

Thanks and best regards,

JM

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert

Guru Elite
Posts: 21,007
Registered: ‎03-29-2007

Re: Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert

tl;dr

 

Wildcard Certificates are supported starting in Instant 6.5.0.0-4.3.0.0 Early Deployment code.



Colin Joseph
Aruba Customer Engineering


New Contributor
Posts: 3
Registered: ‎06-03-2016

Re: Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert

Hi!

 

Thanks everybody, indeed version 6.5.0 solved the issue.

Everything is working well, as expected.

 

Thanks!

 

JM 

Occasional Contributor I
Posts: 6
Registered: ‎12-07-2016

Re: Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert

Hi.

 

I am having the exact same issue that you had. The virtual controller does not intercept DNS traffic to server.somecompany.com (that I have changed the value to in Clearpass).

 

I am also running 6.5.0.0-4.3.0.0.

 

After you installed the *-cert in the virtual controller did you do anything else? Restart all APs for instance?

 

Best regards,

Petter Miller

New Contributor
Posts: 3
Registered: ‎06-03-2016

Re: Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert


Hi Petter.

 

Please check something like this on Clearpass Guest Management:

 

q3.PNG

 

You must always use captiveportal-login.your.domain. I recommend you also install the cert on ClearPass (no big deal, it’s a *.cert); it is not mandatory for this case.

 

If you accomplish this, I believe you have solved the issue.

Let us know if you have been successful.

 

Best regards,

 

Joao Martins

 

Occasional Contributor I
Posts: 6
Registered: ‎12-07-2016

Re: Issues regarding CPP Guest Access and IAP securelogin.arubanetworks.com revoked cert

Hi Joao.

 

captiveportal-login.your.domain resolved the issue. It now resolves captiveportal-login.your.domain to the internal VC address 172.31.98.1 which is correct. 

 

I had already installed the *-cert on both the virtual controller and on Clearpass. Everything seems to be working fine now.

 

Thanks for helping out.

 

Best regards,

Petter
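
A preflight check for the configuration this thread converges on, as an added example that is not part of any post and not Aruba's own tooling. It assumes, per the posts above, that the virtual controller only answers DNS for captiveportal-login.<domain> and that 172.31.98.1 is the VC address; the function names, result codes and sample hostnames are constructed for illustration.

```python
import ipaddress

REQUIRED_LABEL = "captiveportal-login"  # left-most label the thread says is required
VC_ADDRESS = "172.31.98.1"              # VC address reported in the thread


def name_matches(pattern, hostname):
    """Certificate name match: '*' may only be the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def preflight(hostname, cert_names, resolved, vc_address=VC_ADDRESS):
    """Return a list of problem codes for a captive portal login hostname.

    hostname   - value configured in the ClearPass web login page
    cert_names - subject names on the certificate installed on the VC
    resolved   - address a guest client got for hostname, or None on NXDOMAIN
    """
    problems = []
    if hostname.lower().split(".")[0] != REQUIRED_LABEL:
        problems.append("HOSTNAME_LABEL")   # VC will not answer DNS for it
    if not any(name_matches(n, hostname) for n in cert_names):
        problems.append("CERT_MISMATCH")    # browser would show a cert warning
    if resolved is None:
        problems.append("NXDOMAIN")         # the symptom in the first post
    elif ipaddress.ip_address(resolved) != ipaddress.ip_address(vc_address):
        problems.append("WRONG_ADDRESS")    # login request would go to another host
    return problems


if __name__ == "__main__":
    # Constructed sample inputs modelled on the thread's placeholder names.
    cases = [
        ("something.company.com", ["*.company.com"], None),
        ("captiveportal-login.company.com", ["*.company.com"], "172.31.98.1"),
        ("captiveportal-login.guest.company.com", ["*.company.com"], "172.31.98.1"),
    ]
    for host, names, addr in cases:
        print(host, "->", preflight(host, names, addr) or "OK")
```

The third case shows why a hostname one level deeper than the wildcard still produces a certificate warning even though DNS resolves correctly.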
