Question: How do I add the OCSP details on the controller, because captive portal is not working when OCSP is turned on?
Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
Aruba captive portal is a Layer 3 authentication mechanism. Captive portal presents user a login page for any website the user is trying to access. Users must pass authentication before they can get full access (or the configured access level, depending on the security policy).
To increase security, captive portal (by default) is presented over HTTPS so that user credentials cannot be sniffed. To provide HTTPS service, all Aruba controllers come with a default certificate. However, this certificate is for demonstration purpose only, and users are strongly recommended to get their own certificate.
This presents an interesting issue when users load their own certificate:
Add the following OCSP IP address details and map it in the captiveportal logon (Initial Role).(Aruba) (config) #netdestination ocsp.usertrust.com(Aruba620-US)(config-dest) #host 220.127.116.11(Aruba) (config-dest) #host 18.104.22.168(Aruba) (config-dest) #host 22.214.171.124(Aruba) (config-dest) #host 126.96.36.199(Aruba) (config-dest) #host 188.8.131.52Aruba) (config-dest) #host 184.108.40.206Aruba) (config-dest) #host 220.127.116.11(Aruba) (config-dest) #host 18.104.22.168Aruba) (config-dest) #host 22.214.171.124(Aruba) (config-dest) #host 126.96.36.199(Aruba) (config-dest) #host 188.8.131.52(Aruba) (config-dest) #exit(Aruba)(config) #ip access-list session ocsp(Aruba) (config-sess-ocsp)#user alias ocsp.usertrust.com tcp 80 permit log(Aruba) (config-sess-ocsp)#exit(Aruba) (config) #user-role guest-logon(Aruba) (config-role) #access-list session ocsp position 1..
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.