Controllerless Networks

 View Only
last person joined: 2 days ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

Virtual Controller Captive Portal SSL Certificate Options

This thread has been viewed 29 times
  • 1.  Virtual Controller Captive Portal SSL Certificate Options

    Posted Dec 22, 2016 07:48 PM

    Hi eveyrone, I am new to SSL Certifications with Aruba and particularly with the Captive Portal.  My customer's Default SSL Cert has expired and we are looking at either a Self Signed Cert or a Cert from a CA.  My first question is they my customer has generated a CSR from www.getcert.com.   They know have 4 files

    1. Private key : guestaccess.com-2016-12-22-120739.pkey
    2. Certificate request (.csr): guestaccess.com-2016-12-22-120739.csr
    3. Public key(.cer) : guestaccess.com-2016-12-22-120739.cer
    4. Entire certificate (pkcs12) : guestaccess.com-2016-12-22-120739.p12.

     

    From here I am a little confused as what to do if they just want to import a self signed certificate to the Virtual Controller.   Do i need to combine the private key and the public key?  one instruction i read is to rename the .p12 file to .pem and import it.   Any suggestions would be extremely helpful.   They still may go the more secure route with a public cert but I want to cover both options. 



  • 2.  RE: Virtual Controller Captive Portal SSL Certificate Options



  • 3.  RE: Virtual Controller Captive Portal SSL Certificate Options

    Posted Dec 22, 2016 08:13 PM

    Thanks yea i have read it several times.  It has a link on creating a CSR and using that combined with a Public Signed cert , but I have not been able to find instructions specifically to importing a Self-Signed Certificate and what to do after the CSR has been created.    I have 4 files but not sure which or what files to import and/or combine.  Hope that makes sense.  :)



  • 4.  RE: Virtual Controller Captive Portal SSL Certificate Options

    EMPLOYEE
    Posted Dec 22, 2016 08:15 PM
    There's a section towards the bottom that talks about combining the public and private keys with the CA cert.


  • 5.  RE: Virtual Controller Captive Portal SSL Certificate Options

    Posted Dec 22, 2016 08:26 PM

    Cool thanks, i did see that, however that is for the Public Cert which i understand a bit more about combining the private with a public.   I am more hung up on the Self Signed Cert... which unless I am mistaken, is what a CSR is.    The Aruba documentation says you can import a Public Cert from a CA or you can import a Self-Signed Cert using a CSR creator.   Is that correct?



  • 6.  RE: Virtual Controller Captive Portal SSL Certificate Options

    EMPLOYEE
    Posted Dec 22, 2016 08:28 PM
    CSR is used to to get a certificate from a certificate provider.

    If you're using this cert for guest, you should acquire a public cert otherwise your users will receive a certificate error in their browser when logging in.


  • 7.  RE: Virtual Controller Captive Portal SSL Certificate Options

    Posted Dec 22, 2016 08:37 PM

    These are the instructions I received earlier from Aruba support

    "Importing a self-signed certification:

    You can follow the details given below for getting a SSL certificate loaded to IAP:
    Access http://www.getacert.com/ and select “Generate self-signed Certificate”. Then complete your certificate details to create private key, certificate request and public key files.
    2. Choose Next Page - Next Page - Submit self-signed Certificate and you will get a page thats says " Your self signed certificate page" and select "Entire certificate (pkcs12) ".
    3. By default the key file will be in .cer extension. Rename this file such that it get converted to .pem. For example: arubacert.cer to arubacert.pem
    4. Then you go ahead and upload the certificate in the IAP by going to the GUI access of the VC and clicking on " Maintenance-> certificate-> upload ceritifcate-> Captive portal"."

    However step 1 and step 2 do not make sense. It says to select the Entire certificate (pkcs12) but this file has a .p12 extension not a .cer.

     

    Anyway I prob have confused you more, I will revist this with Aruba Support.



  • 8.  RE: Virtual Controller Captive Portal SSL Certificate Options

    EMPLOYEE
    Posted Dec 22, 2016 08:46 PM

    Take the private key file and combine it with the public certificate file and save it with a .pem extension. You should be able to import that.



  • 9.  RE: Virtual Controller Captive Portal SSL Certificate Options

    Posted Dec 22, 2016 09:30 PM

    There ya go, appreciate it.  I will give it a go thank you



  • 10.  RE: Virtual Controller Captive Portal SSL Certificate Options

    Posted Mar 17, 2022 01:55 PM
    Hi, I always have a problem after adding the self signed certificate, when I access the captive portal, i loop on the captive portal acknowledge message...
    I think I loose something on the road. 
    When I get connected and I want to browse google.com for example I get a NET:ERR_VERT_AUTHORITY_INVALID error, with HSTS informations if I continue.
    Could you help me ?

    Regards,
    François

    ------------------------------
    François fauquenoy
    ------------------------------



  • 11.  RE: Virtual Controller Captive Portal SSL Certificate Options

    EMPLOYEE
    Posted Apr 19, 2022 08:12 AM
    You responded to a very old tread. Things around certificates have changed a lot over the last years, and you should have a public signed certificate for your captive portal (not a self-signed), and you will never be able to avoid certificate errors if customers try to reach google.com unless you completely block HTTPS traffic.

    Probably best is to reach out to your Aruba partner, or Aruba Support to get a proper configuration.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 12.  RE: Virtual Controller Captive Portal SSL Certificate Options

    Posted 4 hours ago
    Hi,

    I have a locally-admin'd cert defined  for HTTPS (TCP/443), and it works OK. I have a DNS setting for A- and PTR-records defined, and they work.

    But when scanning with a vulnerability tool, I see that while the cert of 443 is correct, the tool detects the SSO port, 8083 as being the normal, securelogin.arubanetworks.com self-signed cert.

    How can I make my vMM know that these sites should use the server cert for 443 works for 8083 too?

    Thanks,
    -Ambi

    ------------------------------
    Ambidexter
    ------------------------------