Security

Hi All,

Not sure if this is the right discussion group ... could well be the mobility controller group.

I've inherited a clearpass sponsored guest system covering multiple sites which as far as I know has been working just fine .... up till recently. At one site the whole process works just fine till you get to the display of the created user credentials with the login button. When you click login the end user gets a certificate error and the initial login fails. As this fails, the subsequent  mac caching setup also fails.

On the controller concerned there is 1 certificate defined and its assigned to the controller web interface and the captive portal setup. I *think* its just a cert and the controller doesnt have a full CA chain installed.

From the user perspective he's connecting to <fqdn>/cgi-bin/login which resolves to another server,  but the certificate he sees in his browser is an aruba self signed one for the controller in question ( you can see the controller serial number in it). Similarly, if you https to the controller ip address the cert you see is also this controller  self signed one.

Running 6.5.1.18 FIPS on the 7210 controller

Any help appreciated
Rgds
Alex

------------------------------
Alex Sharaz
------------------------------

And of course just after I fix it I find this article

https://community.spiceworks.com/topic/1826231-aruba-guest-wifi-portal-cert-issue



------------------------------
Alex Sharaz
------------------------------

Original Message:
Sent: May 28, 2021 03:08 AM
From: Alex Sharaz
Subject: Cleasrpass guest user registration issue

Hi All,

Not sure if this is the right discussion group ... could well be the mobility controller group.

I've inherited a clearpass sponsored guest system covering multiple sites which as far as I know has been working just fine .... up till recently. At one site the whole process works just fine till you get to the display of the created user credentials with the login button. When you click login the end user gets a certificate error and the initial login fails. As this fails, the subsequent  mac caching setup also fails.

On the controller concerned there is 1 certificate defined and its assigned to the controller web interface and the captive portal setup. I *think* its just a cert and the controller doesnt have a full CA chain installed.

From the user perspective he's connecting to <fqdn>/cgi-bin/login which resolves to another server,  but the certificate he sees in his browser is an aruba self signed one for the controller in question ( you can see the controller serial number in it). Similarly, if you https to the controller ip address the cert you see is also this controller  self signed one.

Running 6.5.1.18 FIPS on the 7210 controller

Any help appreciated
Rgds
Alex

------------------------------
Alex Sharaz
------------------------------

Original Message:
Sent: 5/28/2021 5:28:00 AM
From: alexs-nd
Subject: RE: Cleasrpass guest user registration issue

And of course just after I fix it I find this article

https://community.spiceworks.com/topic/1826231-aruba-guest-wifi-portal-cert-issue



------------------------------
Alex Sharaz
------------------------------

Original Message:
Sent: May 28, 2021 03:08 AM
From: Alex Sharaz
Subject: Cleasrpass guest user registration issue

Hi All,

Not sure if this is the right discussion group ... could well be the mobility controller group.

I've inherited a clearpass sponsored guest system covering multiple sites which as far as I know has been working just fine .... up till recently. At one site the whole process works just fine till you get to the display of the created user credentials with the login button. When you click login the end user gets a certificate error and the initial login fails. As this fails, the subsequent  mac caching setup also fails.

On the controller concerned there is 1 certificate defined and its assigned to the controller web interface and the captive portal setup. I *think* its just a cert and the controller doesnt have a full CA chain installed.

From the user perspective he's connecting to <fqdn>/cgi-bin/login which resolves to another server,  but the certificate he sees in his browser is an aruba self signed one for the controller in question ( you can see the controller serial number in it). Similarly, if you https to the controller ip address the cert you see is also this controller  self signed one.

Running 6.5.1.18 FIPS on the 7210 controller

Any help appreciated
Rgds
Alex

------------------------------
Alex Sharaz
------------------------------