09-20-2016 04:38 AM
It seems the latest google chrome version has some new protection for SSL sites.
All my captive portal users are getting a blocking page on google chrome when it tries to initially redirect to:
The error says there is an SHA-1 error.
Any ideas how to fix this? Its always worked in the past.
Solved! Go to Solution.
09-20-2016 04:42 AM
09-21-2016 08:02 AM
Thanks, this is a huge issue as our entire campus BYOD deployment is now suddenly not working :(
I have purchased a SSL wildcard certificate from https://www.123-reg.co.uk/ssl-certificates/ and downloaded the text of the certificate. Could you explain to me how to import it?
I'm following this guide but stuck on the certificate format and certificate type drop downs. The documentation doesnt appear to explain what these 2 selections should mean? I have checked with our registra and they just provide a text file with the certificate, no mention of what "format" or "type" it is. They told me it was a standard "wildcard SSL"
09-21-2016 08:38 AM
09-28-2016 07:26 AM
On the controller I did:
Configuration >> certificates >> CSR >> 2048 >> our ssl domain name >> fill out rest of details.
Be careful not to click 1024 as the SSL request will be rejected (this delayed me 2 days!!).
I then copied this CSR request and submitted to our SSL certificate supplier.
I went to an online domain registrar linked above, bought a certificate using the CSR created on the aruba controller. They sent me an SSL gs_intermediate_ca.crt file and a mydomainname.crt file.
I then uploaded the CSR mydomainname.crt file to the aruba certificates >> uploads page. It uploaded sucessfully.
I then went to configuration >> management >> general >> and changed Captive Portal Certificate >> Server Certificate to my new certificate.
Then I tested it with a guest client device, unfortunatly even though the SSL page shows up correctly, it still thinks its an invalid certificate :( Google chrome reports "it does not have enough information to know the conection is secure". There is still a red box next to the new domain name.
Any other ideas?
11-16-2016 06:03 AM
After nearly 2 months battling with certificates and endless problems, I just gave up and turned off the option of HTTPS access. Its fixed everything perfectly and we have no more errors on our captive portal using Google Crome.
While I realize this is now less secure, it really was a desperate situation with our BYOD system basically inaccesible for 2 months, so i'm happy with the fix.
For anyone else the option is in:
Confirguration >> Authentication >> L3 authentication >> captive portal authentication >> Your guest SSID profile >> "use http for authentication" [x] (make sure its enabled).
So much for the 3 click rule :D