Security

Reply
Contributor II
Posts: 41
Registered: ‎05-17-2016

Wildcard cert

Hi all,

 

We are changing Captive Portal certificat on our IAP clusters from Aruba default one to a wildcard one. After loading new cert onto a cluster we will have to change a field on ClearPass displaying new hostname (CA used to create certificate).

 

Two questions: a) where on ClerPass should we change hostname, and b) as we are using wildcard cert can we change it just into "*.domain.co.uk"?

 

Thanks,

AlanFord

Kind regards,
AlanFord
Guru Elite
Posts: 8,774
Registered: ‎09-08-2010

Re: Wildcard cert

Did you take a look at this:

https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default
-Certificate-Revocation-FAQ-Instant/ta-p/275814

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 21,555
Registered: ‎03-29-2007

Re: Wildcard cert


AlanFord wrote:

Hi all,

 

We are changing Captive Portal certificat on our IAP clusters from Aruba default one to a wildcard one. After loading new cert onto a cluster we will have to change a field on ClearPass displaying new hostname (CA used to create certificate).

 

Two questions: a) where on ClerPass should we change hostname, and b) as we are using wildcard cert can we change it just into "*.domain.co.uk"?

 

Thanks,

AlanFord


Two things:

 

Wildcard certificates for captive portal are supported on InstantOS 4.3.0.0 and beyond, not before.

The article here:  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-configure-ClearPass-Guest-Amigopod-web-login-when-using/ta-p/176438 describes what you would change in ClearPass.  I know it says controller-based, but the ClearPass mechanism is the same.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 41
Registered: ‎05-17-2016

Re: Wildcard cert

Thanks Colin,

 

Great link. We are running on InstantOS 6.1, so that should be OK.

 

 

Regards,

AlanFord

 

 

Kind regards,
AlanFord
Search Airheads
Showing results for 
Search instead for 
Did you mean: