Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Certificate required for Guest Access using Clearpass

Jump to Best Answer
This thread has been viewed 10 times
  • 1.  Certificate required for Guest Access using Clearpass

    Posted 17 days ago
    Hello,

    I have a clearpass with a HTTPS wildcard certificate installed and the main purpose of the clearpass is to provide guest access with self registration as there is a large number of users.

    1. Is there any certificate required on Aruba Controller for this setup or it can work with the default certificate? 
    2. What should be the server address I put in the clearpass guest registration form shown below? Can someone guide me how to setup this?


    Thanks,



    ------------------------------
    Ajin Skariah
    ------------------------------


  • 2.  RE: Certificate required for Guest Access using Clearpass
    Best Answer

    Posted 17 days ago
    Yes, you will need to install a certificate on your controller (or Instant), and you need to put the name for that certificate in that field that you highlighted in the screenshot.

    Check these videos on how to setup the Guest workflows with Instant, the certificate is the same with a controller.

    If you upload a wildcard certificate, the controller will respond to captiveportal-login.what-your-wildcard.is. *.arubalab.com will be captiveportal-login.arubalab.com. And on the controller, you can check/verify the actual name with the command 'show datapath fqdn'.

    The 'default' securelogin.arubanetworks.com is not trusted (self-signed), so can't really be used, and needs to be replaced with your own certificate.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Certificate required for Guest Access using Clearpass

    Posted 17 days ago
    Thank you Herman. Can you please suggest what type of certificate I should purchase? Is wildcard needed or a basic ssl is sufficient? I have purchased the wildcard certificate for clearpass from https://comodosslstore.com/essentialssl-wildcard.aspx. Can you suggest a site for the controller ssl certificate? I have two controllers in Active-Standby mode. Can I use the same certificate for both controllers?. I need a cheap one as I did not include the cost for this in the project. This is the first time I am integrating controller with clearpass, so I'm confused. Thanks for your help.

    ------------------------------
    Ajin Skariah
    ------------------------------



  • 4.  RE: Certificate required for Guest Access using Clearpass

    Posted 16 days ago
    That wildcard should work... after installation and assignment as captive portal certificate, check with 'show datapath fqdn' what fqdn you should put in the ClearPass Guest configuration.

    You can also get a standard single domain server certificate if you don't want to put your wildcard on the controller as well. Standard (domain validated) server certificates are available starting at a few $ for a year.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------