Wireless Access

Reply
Occasional Contributor II

SSL cert not working

Hi

 

Having an issue with an SSL cert which I want to use for the Captive portal on Aruba OS 8.2.1 running as a VMC

 

Steps done:

- CSR generated from the VMC sent to the CA

- received signed cert back  ( see attached)

- uploaded it onto the VMC - saved it as a PEM server cert

-Went to General setings and changed the default captive portal cert to the new cert called "Aruba" ( see attached)

- the CN specified on the cert has a DNS record pointing to the IP address of the VMC

 

However when I get redirected to the portal it still comes up with the default expired cert securelogin.arubanetworks.com

 

What am I missing/doing wrong, any ideas ?

 

thank you

 

 

Guru Elite

Re: SSL cert not working

1. You should not be creating a DNS entry. Remove that.
2. What is the output of show datapath fqdn?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: SSL cert not working

Hi

Okay removed it

see below:

 

Datapath FQDN Entries
---------------------
securelogin.arubanetworks.com

192.168.100.216

 

Thanks

Guru Elite

Re: SSL cert not working

Then the captive portal cert did not apply correctly. Try selecting default, saving and then reselecting your certificate.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: SSL cert not working

Hi Tim

 

Okay found my initial problem but have a couple of more questions

My full setup is 2x VMM and 2x VMC both layer 2 using VRRP for failover

My problem was that I  generated the CSR from the VMM so although the Cert uploaded to the VMC, the VMC still referenced the old securelogin cert, that why I I think the FQDN would not change to the new CN.

So I generated a CSR from the managed network group  where both my VMC were added, and when I clicked view current cert is shows me the new cert I generated on both VMC's

 

I uploaded the signed cert from the CA and came across the following:

On only the primary VMC it shows the FQDN change to my new CN the backup VMC still shows the securelogin CN

I had to add the DNS entry back on my local DNS server otherwise I get an unable to resolve my new CN

 

So as long as user traffic terminates on the primary VMC and I kept my DNS record in it works

 

So questions 1

Do I need to generate a CSR and purchase a certificate for each of VMC I have in a cluster ?

questions 2

You mention I should remove the DNS entry, please can explain how this should work if I remove it?

 

thank you for all the assistance

 

 

 

Guru Elite

Re: SSL cert not working

Do your CSR on another box.

 

Once you have the siged cert, combine it with the key and intermediate into a PFX/PKCS12 file and import it at /md and then set the captive portal cert at /md.

 

The FQDN is a virtual name and thus should not be in DNS.


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: