Security

I just deployed Clearpass guest with PSK. windows users who were previously connected to Guest and now getting certifiacte warning and want to import a new certificate. How can I resolve this so users are not getting the popup warning? 

Do you have a captive portal configured?


Thanks,
Tim

yes - sorry left that out 

Do you have a public certificate installed?

If clients are attempting to access a secure site, they will likely get the certificate error. Unfortunately there's no way around this.


Thanks,
Tim

The cert its using would be the one under CPPM/administration/certificates/server certs ? 

 

Its a public signed Geotrust cert 

Yes. Unfortunately this will happen if users are trying to access a secure website.


Thanks,
Tim

Curious, how is it considered secure?  How do I make this unsecure ;-) 

 

yes I understand the risks

You would have to disable SSL for your captive portal. But you will still get the occasional redirect cert mismatch.


Thanks,
Tim

I have the captive portal on the instant controller to use port 80 and disable https. Is there another location? 

In CPG->Configuration->Authentication uncheck "Require HTTPS for guest access"

 

 

This will prevent the client from being redirected from port 80 to HTTPS on the ClearPass side.