Controllerless Networks

Hello,

We're trying to setup an internal CaptivePortal on a IAP205 with build in controlller.
A public SSL certificate is purchased let's say cp.ourcompany.com, the certiifcate has been changed to the PEM format and has the server certificate and the private key in it. Uploading the certificate type Captive Portal to the Aruba AP went well and the AP can be reached in the webbrowser with the correct name https://cp.ourcompany.com. External DNS has been setup correctly.
We've setup an SSID (Guest) with internal Captive Portal Acknowledged, so far so good, now the real question(s). 

A windows device which connects with the guest SSID opens up a browser and is trying to reach the page https://msftconnecttest.com, the page is showing an connection interrupted page for about 2-3 seconds and after this the correct Captive Portal is shown to the end-user. User clicks accept and everything works as expected. I don't understand the connection interrupted page, we would like to show the Captive Portal immediately within the browser and below problem seems to be soft of the same problem.

An Android or IOs mobile device connects the guest SSID, smartphone shows a pop-up translated "Click to login to the network". 5 different mobile devices now all get a certificate error on https://cp.ourcompany.com you can wait for an hour but there isn't a redirect. User has to click on proceed and then the browser shows the correct secured Captive Portal page, user clicks Accept and everything works as expected. 

How can we present the correct https Captive Portal immediately on mobile devices?

------------------------------
JR205Aruba
------------------------------

Did you include the intermediate CAs as well in the PEM file used to import the certificate in your IAP?

Check this article on how to do that. Missing the intermediates is a common source of this kind of problem.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Aug 18, 2021 04:38 AM
From: JR Eastbridge
Subject: Internal Captive Portal IAP205

Hello,

We're trying to setup an internal CaptivePortal on a IAP205 with build in controlller.
A public SSL certificate is purchased let's say cp.ourcompany.com, the certiifcate has been changed to the PEM format and has the server certificate and the private key in it. Uploading the certificate type Captive Portal to the Aruba AP went well and the AP can be reached in the webbrowser with the correct name https://cp.ourcompany.com. External DNS has been setup correctly.
We've setup an SSID (Guest) with internal Captive Portal Acknowledged, so far so good, now the real question(s). 

A windows device which connects with the guest SSID opens up a browser and is trying to reach the page https://msftconnecttest.com, the page is showing an connection interrupted page for about 2-3 seconds and after this the correct Captive Portal is shown to the end-user. User clicks accept and everything works as expected. I don't understand the connection interrupted page, we would like to show the Captive Portal immediately within the browser and below problem seems to be soft of the same problem.

An Android or IOs mobile device connects the guest SSID, smartphone shows a pop-up translated "Click to login to the network". 5 different mobile devices now all get a certificate error on https://cp.ourcompany.com you can wait for an hour but there isn't a redirect. User has to click on proceed and then the browser shows the correct secured Captive Portal page, user clicks Accept and everything works as expected. 

How can we present the correct https Captive Portal immediately on mobile devices?

------------------------------
JR205Aruba
------------------------------