Wireless Access

Reply
Frequent Contributor I

Captive Portal cert set, but securelogin.arubanetworks.com cert still being used...

I have a pair of 3400 controllers in a cluster:

Model:Aruba3400-US
Version:6.4.2.15

I created a CSR on a different machine and obtained a known CA signed cert for these boxes.  I took that cert file in PEM format and appended the intermediate & CA certs and the key to the file, then uploaded it to both boxes.  I also uploaded the intermediate as 'intermediate' and the CA as 'TrustedCA'.  Then I went to Management > General > 'Captive Portal Certificate' and selected this cert on both boxes.  For some reason, when I log in via captive portal, the controller is still using the 'securelogin.arubanetworks.com' cert.

 

Am I missing something?

 

Thanks for any help!

Frequent Contributor I

Re: Captive Portal cert set, but securelogin.arubanetworks.com cert still being used...

Note - I get redirected to the URL that is in the cert, but that page is presenting the securelogin.aruba.networks.com cert still.

Re: Captive Portal cert set, but securelogin.arubanetworks.com cert still being used...

Did you changed the Captive Portal Certificate to point to the new one you uploaded under Management > General ?
If you are using ClearPass you also need to update it with the new name under NAS settings
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I

Re: Captive Portal cert set, but securelogin.arubanetworks.com cert still being used...

Yes.  I did that.  I'm not using clear pass.  My captive portal is hosted on the controller.

Guru Elite

Re: Captive Portal cert set, but securelogin.arubanetworks.com cert still being used...

I think you should open a TAC case...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I

Re: Captive Portal cert set, but securelogin.arubanetworks.com cert still being used...

I went back and forth with TAC yesterday.  The last thing they told me was that my known-CA signed cert should have my controller's hostname in it and not securelogin.arubanetworks.com, so I should re-issue it.  The cert does have all of the correct into in it though.

 

The issue is that even though the cert is loaded and selected to be used for the captive portal, the DEFAULT cert is still being presented on the CP page.

 

Does anyone know of any common things that might be causing this?  I've audited my config against a controller where it is working and it's the same - except the controller where it is working is a standalone and this is a cluster.

 

*Note - TAC said that I had done everything right as far as uploading the certificate and choosing it to be used for captive portal.  Also, I verified in the CLI that the GUI config matches.

 

Do I possibly need to just apply everything and then reboot for this to take?  Maybe the web server service isn't restarting even though the GUI says it is?  Should I manually restart httpd?

 

Thanks for any help!

Frequent Contributor I

Re: Captive Portal cert set, but securelogin.arubanetworks.com cert still being used...

Also - if I choose my internally signed cert that I also use on the web admin UI, it seems to stick.

 

Is there an order that my cert and key should be placed into the cert file?

Frequent Contributor I

Re: Captive Portal cert set, but securelogin.arubanetworks.com cert still being used...

process restart httpd

 

Boom - correct cert is presented and everything works.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: