Wireless Access

Reply
Contributor I

External Captive Portal with public controller certificate

Hi:

If I load a valid public certificate on a controller, will it intercept DNS request for that address and return its own IP?

(or does it only do that for securelogin.arubanetworks.com?)

 

I'm trying to setup a Clearpass captive portal.

The user redirects properly to a Clearpass login page.

In the Clearpass Guest login page setup I set the posting address to the name of the certificate on the controller.

On the controller, that public certificate is set as the Captive Portal Certificate.

 

But when logging in, the user gets a DNS failure message.

 

I'm guessing I could put an entry in my local DNS server for the controllers' name, but I'd rather avoid that if I can.

 

Should the controller intercept this, or is there something else I need to do?

 

Thanks.

 

Guru Elite

Re: External Captive Portal with public controller certificate

The controller will answer for the FQDN defined as the common name of the captive portal certificate. Do not create an entry in DNS.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: External Captive Portal with public controller certificate

The controller will always intercept DNS requests for the fqdn on the controller's web server certificate.   If you haven't please take a look at the document here:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-does-Aruba-Controller-work-with-wild-card-certificate-for/ta-p/203199

 

The question is, have you uploaded the certificate on the controller and selected that for use in the Captive Portal?

 

Configuration> Management> General> Captive Portal Certificate.

 

You would use the "show datapath fqdn" command to confirm what the fqdn of the controller is:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-know-the-common-name-of-the-certificate-that-is-mapped-in/ta-p/290920



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I

Re: External Captive Portal with public controller certificate

Thank you, both Tim and Colin.

"show datapath fqdn" is a great command to know about!

 

Even though the GUI showed the new, correct certificate for Captive Portal, 'show datapath fqdn' output showed securelogin.arubanetworks.com.

 

I set the Captive Portal Certificate to default, hit apply, then set it back to the new cert, and hit apply.

Now the CLI command shows the name of the new name, and the user authenticates correctly.

 

Thanks.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: