Hi, in order to upload the cert to the AP you have to paste all the certs in a notepad as save the file as .pem.
You have to include the following:
certificate for your captive portal
private key
certificate for intermediate CA
certificate for root CA
It should look somehow like this (i removed a lot of the certs lines)
-----BEGIN CERTIFICATE-----
MIIF2jCCBMKgAwIBAgIRAIHUNM1mLTHkZlbOI7qb+gkwDQYJKoZIhvcNAQELBQAw
gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDMy2fTqFcaLN3y
RUCn2x4YQ0n9D1oA0YzrDcboO276PyJPfpJGoW7bHbbFlmmePXhXEzGx92Xf4jM7
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
-----END CERTIFICATE-----
Hope this helps
------------------------------
Ulises Cazares
------------------------------
Original Message:
Sent: Apr 20, 2021 02:58 PM
From: Brian Teague
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...
@ulises.cazares I tried to upload my crt file using the Captive portal server type but it doesn't work. It looks like it is looking for a Private key which is what you would think would be uploaded. I use DigiCert (Windows app) to create my CSR and export my private keys. Does anyone have instructions on how to create the Captive portal server cert?
Thanks!
Original Message:
Sent: Apr 20, 2021 10:58 AM
From: Ulises Cazares
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...
As for the certificate. Did you upload the cert in the Aruba AP as captive portal?
The instant.arubanetworks.com is the default cert for the WEBUI and Captive portal. Is not about the ssl keys is abput the cert. When you use the ECP the AP should redirect you to the webserver and thats the first cert you will see but the credentials are POSTed you will see the cert in the AP.
------------------------------
Ulises Cazares
Original Message:
Sent: Apr 19, 2021 02:22 PM
From: Brian Teague
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...
This is my first time configuring an Aruba device to work with an External Captive Portal. I've configured several other APs to work with ECPs so I know what I'm doing. I followed these instructions but I can't get an iOS device running 14.4.1 (new) or an Android device running 5.1.1 (old) to automatically redirect to the ECP page. In fact, in the rules I specify "deny access" but the devices (iPhone & Android) are able to freely browse the internet once connected to WiFi. What's truly interesting is that a Windows 10 device actually redirects to https://localhost:4343/wifi/index. /wifi/index is the Url in ECP Profile.
Configuring External Captive Portal for a Guest Network (arubanetworks.com)
The IAP is running 6.4.2.0-4.1.1.0_46028. The UI won't allow me to easily select InternalServer nor will the device actually store the correct Auth Server once selected. I'm using both Edge & Chrome to try to manage this thing. Moreover, under WLAN Configuration - Security - External Splash Page, you will see localhost etc... in the attached image. I've also added an SSL cert for wifi.mydomain.com which is where my ECP page is hosted but the Controller is serving up instant.arubanetworks.com.
I'm trying to use Authentication Text as the Type which, as I understand, would require me to be able to select InternalServer. I don't want to use a Radius server.
It's clear to me that this software config is buggy. By the way, I've tried to upgrade this thing but I don't have access to the correct image. :)
Any help is much appreciated! Thanks in advance!
------------------------------
Brian
------------------------------