09-18-2014 10:29 AM
We have constant problems with iOS devices trying to gain internet access via our portal. I know it's related to OCSP, in some form or fashion, because when I disable OCSP in the client web browser - SHAZAM!...I have internet access. Without disabling OCSP, the browser will often time out trying to ultimately gain internet connectivity.
I've opened a case with TAC and they've made changes to our system using this KB article as a guide: https://arubanetworkskb.secure.force.com/pkb/artic
I'm wondering if it's far more simple; I'm wondering if it's because we're using a 3rd party certificate issued by Network Solutions and we should just buy a cert from either Thawte or Verisign which, by default, are MUCH much more trusted by client browsers??? I think this is why disabling OCSP works because you're basically telling the client browser to ignore the cert - just accept it - don't bother trying to verify whether it's legit or not.
Do other people have this same issue? Who do you buy your certs from?
09-18-2014 10:37 AM
Here's an example for the built-in controller certificate (securelogin.arubanetworks.com) (screenshots are from AOS 6.4)
ip domain lookup
ip domain-name <your-domain>
ip name-server <your-dns-server>
netdestination GEOTRUST-OCSP
  name ocsp.geotrust.com
!
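The stanza above names GeoTrust's responder; a certificate from another CA points at a different OCSP host, which can be read from the certificate itself. The following is an added example, not part of the original post: it extracts the responder hostnames and prints a stanza in the same form. The name PORTAL-OCSP, the example.test hosts and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list the OCSP responder hostnames a certificate points at
# and print a netdestination stanza in the form shown in the post above.

# Print one responder hostname per line for the PEM certificate in $1.
ocsp_hosts() {
    openssl x509 -noout -ocsp_uri -in "$1" 2>/dev/null |
        sed -e 's|^[a-zA-Z][a-zA-Z0-9+.-]*://||' -e 's|[/:].*$||' |
        tr 'A-Z' 'a-z' | sort -u
}

# Print a netdestination stanza named $2 for the certificate in $1.
# Fails if the certificate is unreadable or carries no OCSP URI.
netdest_for() {
    hosts=$(ocsp_hosts "$1")
    [ -n "$hosts" ] || { echo "no OCSP URI found in $1" >&2; return 1; }
    printf 'netdestination %s\n' "$2"
    printf '%s\n' "$hosts" | while read -r h; do printf '  name %s\n' "$h"; done
    printf '!\n'
}

# Constructed sample: a throwaway self-signed certificate whose Authority
# Information Access extension names a placeholder responder
# (-addext needs OpenSSL 1.1.1 or later).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=portal.example.test' \
        -addext 'authorityInfoAccess=OCSP;URI:http://ocsp.example.test:80/status' \
        -keyout "$1.key" -out "$1" 2>/dev/null
    rm -f "$1.key"
}

# Usage: sh ocsp_netdest.sh portal-cert.pem [DEST-NAME]
if [ $# -ge 1 ]; then
    netdest_for "$1" "${2:-PORTAL-OCSP}"
fi
```

Run it against every certificate in the portal's chain, since intermediates can name their own responders.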
09-18-2014 11:02 AM