Wireless Access

Reply
Contributor I

Captive Portal doesn't work on Chrome

I have the Captive Portal set to redirect the user to a page where they can enter their name, email and a sponsor's email. The issue is when their default browser is Chrome it doesn't work. Instead of sending them to the Captive Portal they just get an error page saying "Connect to Wi-Fi
The Wi-Fi you are using (*****_Guest) may require you to visit its login page." I cant manually navigate to the login page either. 

 

When they set their default browser to IE it will come up with a security page asking if they want to proceed, but after that it works fine. I set the Captive Portal page on the IAPs to the domain name instead of the IP and it loads in Chrome, but when they try to login after being confirmed by their sponsor, it goes to that same "Connect to Wi-Fi page". Not sure what the issue is here with Chrome, any suggestions?

Contributor I

Re: Captive Portal doesn't work on Chrome

Most likley you redirect the users to the login page on the controller or instant which resolves internally to securelogin.arubanetworks.com .

The SSL certificate issued for securelogin.arubanetworks.com is revoked. So you get either a security warning as in IE or the browser will have issues. You will have more issues on smartphones and tablets where you can't choose a different browser.
Only way to resolve this issue is to install a public ssl certificate on your (virtual) controller. Which is also considered best practice.

Contributor I

Re: Captive Portal doesn't work on Chrome

Thanks for the heads up. I installed a wildcard cert in ClearPass and changed the login IP Address in ClearPass Guest to clearpass.domain.com. I changed the Captive Portal on the VC from the IP address of ClearPass to the domain so that the wildcard cert is applied. Now I can get to the login page, send the sponsor email, and click login but then it gets hung on that securelogin.arubanetworks.com which is no longer working. Not sure why it is still redirecting to that page. 

 

Contributor I

Re: Captive Portal doesn't work on Chrome

If you have installed a wildcard certificate also on the controller, you have to cahnge the login address in the NAS login settings of self-registration to captiveportal-login.name of the domain on the certificate

After that login will work. 

Contributor I

Re: Captive Portal doesn't work on Chrome

I did change the NAS setting but cant figure out how to get the certificate installed on AirWaves. I go to Device Setup > Certificates and try to load my certificate but it doesn't accept the format. Mine is in .crt and AirWaves doesn't seem to have that format. Does that mean it's just the wrong type of cert or am I doing something wrong?

Contributor I

Re: Captive Portal doesn't work on Chrome

Aruba Instant and with that Airwave accepts only one file as certificate.

Which should consist of the certificate, a private key file and the root/intemediate certificates. Best way is to use a pem file.

See this post: http://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-Create-a-Certificate-for-Instant-Captive-Portal-using/ta-p/277025

 

I use tools like sourceforge xca to build a pem file from an existing certificate and private key file

Contributor I

Re: Captive Portal doesn't work on Chrome

EDIT: Think I figured it out. Under Groups > Basic > Aruba Instant there is a Captive Portal Cert option where you can select the cert to use. Going to run that command later tonight and see if that works. 

 

I used XCA to import my Private Key and export it as a 'PEM private (*.pem)' file. I then opened the exported Key file and pasted the text from my wilcard + intermediate .crt file and saved it, retaining the PEM format. I loaded that file into Device Setup > Certificates. Like I mentioned before, I already went to Guest Self-Registrations > NAS Vendor Settings > Ip Address and entered 'clearpass.domain.com'. I am still being redirected to the securelogin page though. Feel like there is something I am missing here. 

 

Thanks for the help BTW, XCA was a lifesaver. Couldn't get the OpenSSL commands to work earlier. 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: