Search the Community
- Global Forums
- ClearPass Recipe Review
- ClearPass Recipe Submission
- Admin Tool - Assign Role in Bulk
- Admin Tool - User Search
- CWNP Conf 2015
- Airheads Conference Vegas 2015
- Wlan Pro Conference 2015
- Airheads Conference Shanghai 2014
- WLAN Pro Conf EU 2014
- CWNP Conference 2014 (Sep 22 - 24)
- Airheads Local 2014
- Wireless Field Day 7 (Aug 6-8, 2014)
- Black Hat 2014 Contest
- Airheads EMEA Italy 2014 (June 9 - 13)
- Americas Airheads Conference 2014
- WLAN Professionals Summit 2014
- Airheads Roadshow 2013
- EMEA Airheads Conference 2013
- APJ Airheads Conference 2013
- Americas Airheads Conference 2013
- Americas Airheads Conference 2012
- APJ Airheads Conference 2012
- EMEA Airheads Conference 2012
- Airheads EMEA 2012 Contest: How to Enter - Contest Terms & Conditions
- Airheads EMEA 2012 Contest: Create your Entry to Win Here!
- Airheads Conferences Prior to 2012
- Americas Airheads Local Events 2012
- EMEA Airheads Local Events 2012
- Wireless Field Day 3 @ Aruba Networks
- Wireless Tech Field Day 2- Silicon Valley
- Wi-Fi Mobility Symposium- San Jose, CA USA
- SDN Apps
- Connector Translation Testing area
No, the options for captive portal on a controller are: 1) Same standard cert on every...No, the options for captive portal on a controller are:
1) Same standard cert on every controller
2) Wildcard certificate
Sorry but just to be sure, i can buy only one certificate and put it on every controller ?  ...
Sorry but just to be sure, i can buy only one certificate and put it on every controller ?
ps: for information, i use 802.1X with EAP terminal on my controller.
Thanks an lot.
As noted in the FAQ, a single certificate can be used across your controllers although you should...As noted in the FAQ, a single certificate can be used across your controllers although you should check with your security team.
Did you generate the CSR on the controller or external server? If you did it on the...Did you generate the CSR on the controller or external server?
If you did it on the controller, you can simply use Apache.
If you did it on an external server, you can also use Apache but you'll need
to combine the public and private key into a p12/pfx file.
...controllers (not in a cluster). - Is it possible to take a SSL UCC/SAN to securise multiple...
I'll take a public certificate but i have questions. For information, I have 3 controllers (not in a cluster).
- Is it possible to take a SSL UCC/SAN to securise multiple domain names ?
- May I have to generate one CSR by controller ?
Thanks for your help.
1- A certificate can be used across controllers, but you should check with your security team. If...1- A certificate can be used across controllers, but you should check with
your security team. If you do end up going this route, the CSR must be
generated on an external device so you can export the private key.
2- No reboot is required
3- You need to select the cert for captive portal under General. No other
changes are required on the controller.
I have 220+ controllers. Do you suggest a separate cert for each controller, or use the same...
I have 220+ controllers. Do you suggest a separate cert for each controller, or use the same cert on each? If it's a single cert, say "openwifi.mycompany.com," will there be a problem with the name mismatch (as the CP redirect will be to https://controllerIP.xxxxxxx), prompting the users to proceed/trust? If so, how is that different from them having to trust a self-signed cert?
Meaning, as of now the problem seems to be with some users that aren't getting any sort of prompt to accept/trust/install this new cert - almost as if they are still seeing the old GeoTrust that has been revoked instead of the new cert.
...- In case of a cluster of 2 controlers, should the certificate be uploaded on both ? 2- Once the...
I have 3 questions regarding the certificate replacement process :
1- In case of a cluster of 2 controlers, should the certificate be uploaded on both ?
2- Once the certificated is uploaded, is a reboot required ?
3- Is there anything to change regarding the captive portal URL or will it adapt automatically ?
Thank you all for your answers.
...OpenSSL and I put that out there on all of our controllers Friday night/Saturday morning.  ...
So, I’m one of the users that was using the default cert in production (CP is on internet-only network that doesn't touch corporate network) .
We created a self-signed cert with OpenSSL and I put that out there on all of our controllers Friday night/Saturday morning.
We are starting to get calls from people that can’t pull up the captive portal page – either the browser gives an error message and no option to override/trust the new cert, or doesn’t give anything, just doesn’t load.
Is there is something that needs to be done to purge the old cert, or a way to force the browsers to prompt the users to trust the new cert?
So far it isn't limited to a certain browser - complaints have come from users of IE, Chrome, and Mac/Safari.
Of course I'm not able to duplicate the issue here, and without being in front of an affected PC I can't troubleshoot.
- Find more articles tagged with:
- ClearPass Guest
- cppm 6.3
- cppm 6.4
- cppm 6.5
- cppm 6.6
- Mobility controller