04-29-2016 09:07 AM - edited 04-29-2016 09:08 AM
I have a pair of 3400 controllers in a cluster:
I created a CSR on a different machine and obtained a known CA signed cert for these boxes. I took that cert file in PEM format and appended the intermediate & CA certs and the key to the file, then uploaded it to both boxes. I also uploaded the intermediate as 'intermediate' and the CA as 'TrustedCA'. Then I went to Management > General > 'Captive Portal Certificate' and selected this cert on both boxes. For some reason, when I log in via captive portal, the controller is still using the 'securelogin.arubanetworks.com' cert.
Am I missing something?
Thanks for any help!
04-29-2016 09:19 AM
Note - I get redirected to the URL that is in the cert, but that page is presenting the securelogin.arubanetworks.com cert still.
04-29-2016 09:53 AM
If you are using ClearPass you also need to update it with the new name under NAS settings.
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
04-29-2016 08:37 PM
I think you should open a TAC case...
Aruba Customer Engineering
05-03-2016 09:28 AM - edited 05-03-2016 09:29 AM
I went back and forth with TAC yesterday. The last thing they told me was that my known-CA signed cert should have my controller's hostname in it and not securelogin.arubanetworks.com, so I should re-issue it. The cert does have all of the correct info in it though.
The issue is that even though the cert is loaded and selected to be used for the captive portal, the DEFAULT cert is still being presented on the CP page.
Does anyone know of any common things that might be causing this? I've audited my config against a controller where it is working and it's the same - except the controller where it is working is a standalone and this is a cluster.
*Note - TAC said that I had done everything right as far as uploading the certificate and choosing it to be used for captive portal. Also, I verified in the CLI that the GUI config matches.
Do I possibly need to just apply everything and then reboot for this to take? Maybe the web server service isn't restarting even though the GUI says it is? Should I manually restart httpd?
Thanks for any help!
05-03-2016 09:59 AM
Also - if I choose my internally signed cert that I also use on the web admin UI, it seems to stick.
Is there an order that my cert and key should be placed into the cert file?
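An added example, not part of any post in this thread and not Aruba code: a stdlib-only check that lists the blocks of a combined PEM file in the order they appear and compares the certificate a TLS listener actually presents against the certificates in that file. It assumes the first CERTIFICATE block is the server certificate, as in the file described in the first post; the function names and the sample payloads are constructed placeholders, and it does not state what order the controller requires.

```python
import base64, hashlib, re, ssl

# One PEM block: label in group 1, base64 body in group 2.
BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def fetch_presented(host, port=443):
    """Return the DER certificate a TLS listener presents (no chain validation)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def check_bundle(pem_text, presented_der=None):
    """Summarise a combined PEM upload and, optionally, compare it with the
    certificate that was actually served on the login page."""
    blocks = BLOCK.findall(pem_text)
    order = [label for label, _ in blocks]
    certs = [base64.b64decode("".join(body.split()))
             for label, body in blocks if label == "CERTIFICATE"]
    keys = [label for label in order if label.endswith("PRIVATE KEY")]
    findings, index = [], None
    if not certs:
        findings.append("no CERTIFICATE block found")
    if len(keys) != 1:
        findings.append(f"expected one private key block, found {len(keys)}")
    if presented_der is not None:
        prints = [hashlib.sha256(c).hexdigest() for c in certs]
        seen = hashlib.sha256(presented_der).hexdigest()
        if seen not in prints:
            findings.append("presented certificate is not in this file")
        else:
            index = prints.index(seen)
            if index != 0:  # assumption: block 1 is the server certificate
                findings.append(f"presented certificate is block #{index + 1}")
    return {"order": order, "presented_index": index, "findings": findings}

def _pem(label, raw):
    """Wrap constructed placeholder bytes (not a real certificate or key)."""
    body = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample laid out as in the first post: cert, intermediate, CA, key.
SAMPLE = (_pem("CERTIFICATE", b"constructed-server-cert")
          + _pem("CERTIFICATE", b"constructed-intermediate")
          + _pem("CERTIFICATE", b"constructed-root")
          + _pem("RSA PRIVATE KEY", b"constructed-key"))

if __name__ == "__main__":
    # Against a real listener: check_bundle(text, fetch_presented("portal.example"))
    print(check_bundle(SAMPLE, b"constructed-server-cert"))
```

Run against each controller in the cluster separately, since each one serves its own copy of the uploaded file.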