Wireless Access

Reply
Contributor I
Posts: 79
Registered: ‎03-03-2015

Update of ArubaOS Default Certificate Revocation??

Hi Guys,

 

As we know that, the "securelogin.arubanetworks.com" certificate has been revoked by GeoTrust as it was compromised.

 

But is Aruba team has any intention to replace a new cert or self-signed cert like IAP in future OS release except suggesting the users to swap to private cert/public cert as resolution?

 

Thanks.

 

Guru Elite
Posts: 8,649
Registered: ‎09-08-2010

Re: Update of ArubaOS Default Certificate Revocation??

A public cert is always recommended for captive portal authentication. Self-signed certs are generated for the web UI using the common name instant.arubanetworks.com

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 79
Registered: ‎03-03-2015

Re: Update of ArubaOS Default Certificate Revocation??

[ Edited ]

Hi Cappalli,

 

I understand public cert/ own private cert is recommended for deployments. But there are still some SME users are adapted to the securelogin cert for easy setup since;

 1. they do not have any CA server running in current

 2. they have no intention to purchase a public cert for aruba as this is an additional cost for them.

3. Captive portal is only for their internal guest usage so they are fine with it.

 

Thus, I am wondering is Aruba has intention re-insert a new cert or changed it to self-sign cert like IAP which controller do not have in current??

 

It would be useful for every existing customer that sticking to the securelogin cert.

 

MVP
Posts: 1,409
Registered: ‎05-28-2008

Re: Update of ArubaOS Default Certificate Revocation??

But a public cert must us common name ... Of a domain name. and the Captive portal is located internally and user redirected to it via ip address .
Even if i choose the public cert users getting error because the public cert is assigened to a domain name.

Please advise
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Guru Elite
Posts: 8,649
Registered: ‎09-08-2010

Re: Update of ArubaOS Default Certificate Revocation??

If you don't use a public certificate, guest users will receive a certificate error. No internal PKI environment is required. A public cert can be acquired for $10-$30.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 8,649
Registered: ‎09-08-2010

Re: Update of ArubaOS Default Certificate Revocation??

Any domain name can be used for the captive portal cert. It doesn't actually have to resolve to anything.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 1,409
Registered: ‎05-28-2008

Re: Update of ArubaOS Default Certificate Revocation??

Please read my question above your post... I just cant figure it out... And i have a public cert that i would like to use it on internal captive , i uploaded it to the controller and choose it.. buy still getting an error .. because its must be with the same common name... What in doing wrong?
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Contributor I
Posts: 79
Registered: ‎03-03-2015

Re: Update of ArubaOS Default Certificate Revocation??

Yes, correct.

Thus securelogin cert is work flawlessly for users until the revocation in recent.

 

I know a public / private server from own CA is always recommended than using the aruba default cert.

But still, don't Aruba team have intention to replace this or offering any alternate solution like self-signed as IAP do since the securelogin cert been offered over the years and now suddenly it is gone.

Guru Elite
Posts: 8,649
Registered: ‎09-08-2010

Re: Update of ArubaOS Default Certificate Revocation??

Kdisc,

Can you create a new thread? Hard to follow both sets of questions.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 8,649
Registered: ‎09-08-2010

Re: Update of ArubaOS Default Certificate Revocation??

Self-signed certificates will be generated in new versions of code but client devices will still throw errors due to it being self-signed.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: