03-01-2012 03:37 AM
when using the guest voucher wifi access it points or forwards one to securelogin.arubanetworks.com , can this CN be changed to somewhat else ? e.g. securelogin.customerdomain.com ?
anyone knows some CA which offers public verified 30 days trial certificates to show customers the securelogin without the cert warning message with their browsers where not the trial root/intermediate CA must be imported ?
verisign i wasnt able to get some trial certificate for the securelogin.arubanetworks.com URL , in this case it would be ok to use the root/intermediate ca certificate which must be additinally installed in the specific browser so the chain is working.
03-01-2012 06:17 AM
To change the default cert, you need to generate a Certificate Signing Request (CSR). When you create a CSR (on the Aruba controller) there is a field for "Common Name". This is the FQDN you want to use such as "securelogin.yourcompany.com". You then need to provide this CSR to a Certificate Authority for signing and then they will return you a cert you import to the controller. Once the signed cert is imported, you have to associate the cert with the Captive Portal Profile. Take a look at the chapter in the admin guide titled "Managing Certificates" for additional information.
As for free/trial SSL Cert, I've used "Free SSL" in the past. They allow a 30 day trial. Another way to do this if you don't mind getting the error about the cert, is to sign the cert yourself using an internal CA (assuming you have one or the capabilities to set one up).
Hope this helps.
03-01-2012 06:26 AM
yeah exactly CSR ive done, we use this as internal access to the controller aswell, in my case it's some demo controller and i wanted to show customers e..g. to use some trial cert to not have the cert warning , but aslong as there's always need to use special root/intermediate "trial root" ca's cert those no-one has pre-defualt included in the browser.
in my case i did some CSR but pointed to securelogin.arubanetworks. for sure thats not working perhaps cause the CA doesnt allow that , yeah thats good point in cp-profile, didnt know that im able to change or "how" to change.
03-01-2012 01:13 PM
Did you change the captive portal certificate under
Configuration --> Management --> General --> Captive portal certificate
If that didnot work, please share the output of
show crypto-local pki serverCert
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.
Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
09-25-2012 03:38 AM
If you are installing at a client site, their domain CA could sign the CSR and hence remove the security warning for the domain member computers.
Othervise, if you want everybody to trust your CP page, you should use a certificated signed by a trusted (public) CA.