I went back and forth with TAC yesterday. The last thing they told me was that my known-CA signed cert should have my controller's hostname in it and not securelogin.arubanetworks.com, so I should re-issue it. The cert does have all of the correct into in it though.
The issue is that even though the cert is loaded and selected to be used for the captive portal, the DEFAULT cert is still being presented on the CP page.
Does anyone know of any common things that might be causing this? I've audited my config against a controller where it is working and it's the same - except the controller where it is working is a standalone and this is a cluster.
*Note - TAC said that I had done everything right as far as uploading the certificate and choosing it to be used for captive portal. Also, I verified in the CLI that the GUI config matches.
Do I possibly need to just apply everything and then reboot for this to take? Maybe the web server service isn't restarting even though the GUI says it is? Should I manually restart httpd?
Thanks for any help!