Wireless Access

Reply
Frequent Contributor I
Posts: 91
Registered: ‎08-10-2015

Captive Portal Intermediate Cert

I just installed a cert from a trusted CA, but was still getting an untrusted CA warning.  The cert provider instructions included a note saying the intermediate cert should be installed as well.  I looked for how to do that and saw a post that said to just append it to the cert file and upload it to the controller.  The controller took it, but now it's giving "securelogin.arubanetworks.com" for the captive portal - which makes me think I did that wrong.  Doesn't the controller pull the hostname from the cert?

 

"To correctly install your certificate, it is important to
configure the server to use the intermediate DigiCertCA.crt
file in addition to the acme.company.crt"

Guru Elite
Posts: 8,755
Registered: ‎09-08-2010

Re: Captive Portal Intermediate Cert

Did you set that certificate as teh captive portal cert?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 91
Registered: ‎08-10-2015

Re: Captive Portal Intermediate Cert

Yep!  And after I made the change to append the intermediate cert, I went and made sure the new one I uploaded with the intermediate cert was selected.

 

The file is a .crt file, pem format and it looks like this:

 

-----BEGIN CERTIFICATE-----
blahblahblah server cert
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
blahblahblah intermediate cert
-----END CERTIFICATE-----

 

When I view the cert in the controller, I see the correct hostname and details of the cert.

Guru Elite
Posts: 8,755
Registered: ‎09-08-2010

Re: Captive Portal Intermediate Cert

Try nesting all 3 certificates into the server cert file (server, int, root). You’ll also want to import the intermediate and root individually to the controller.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 91
Registered: ‎08-10-2015

Re: Captive Portal Intermediate Cert

This is the error I'm seeing now.  The white empty space is the hostname of our controller that the cert is for.

 

screenshot99.png

Guru Elite
Posts: 8,755
Registered: ‎09-08-2010

Re: Captive Portal Intermediate Cert

Do you have multiple controllers?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 91
Registered: ‎08-10-2015

Re: Captive Portal Intermediate Cert

There is just one physical controller (7005) in this location and it's not tied to our other Aruba controllers in any way (local/master, etc.).

Frequent Contributor I
Posts: 91
Registered: ‎08-10-2015

Re: Captive Portal Intermediate Cert

I hadn't done this yet.  When I posted the screen shot, I didn't see this reply.

 

When you say nest them, you mean all within the same file, correct?  And when you say to import the intermediate and CA, would I import them as trusted CAs?

Guru Elite
Posts: 8,755
Registered: ‎09-08-2010

Re: Captive Portal Intermediate Cert

Correct, combine them all into the same file in the order of server cert, int, root and import as the server cert.

Then import the intermediate as type Intermediate CA and the root as type Trusted CA.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 91
Registered: ‎08-10-2015

Re: Captive Portal Intermediate Cert

Done.  I'll have to wait til tomorrow for the user to  be on site again to test.

 

I'll update the thread tomorrow.

 

Thanks!

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: