Wireless Access

Hello,

I have a clearpass with a HTTPS wildcard certificate installed and the main purpose of the clearpass is to provide guest access with self registration as there is a large number of users.

1. Is there any certificate required on Aruba Controller for this setup or it can work with the default certificate? 


------------------------------
Ajin Skariah
------------------------------

Yes, you will need to install a certificate on your controller (or Instant), and you need to put the name for that certificate in that field that you highlighted in the screenshot.

Check these videos on how to setup the Guest workflows with Instant, the certificate is the same with a controller.

If you upload a wildcard certificate, the controller will respond to captiveportal-login.what-your-wildcard.is. *.arubalab.com will be captiveportal-login.arubalab.com. And on the controller, you can check/verify the actual name with the command 'show datapath fqdn'.

The 'default' securelogin.arubanetworks.com is not trusted (self-signed), so can't really be used, and needs to be replaced with your own certificate.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 16, 2021 06:20 AM
From: Ajin Skariah
Subject: Certificate required for Guest Access using Clearpass

Hello,

I have a clearpass with a HTTPS wildcard certificate installed and the main purpose of the clearpass is to provide guest access with self registration as there is a large number of users.

1. Is there any certificate required on Aruba Controller for this setup or it can work with the default certificate? 

2. What should be the server address I put in the clearpass guest registration form shown below? Can someone guide me how to setup this?


Thanks,

------------------------------
Ajin Skariah
------------------------------

Thank you Herman. Can you please suggest what type of certificate I should purchase? Is wildcard needed or a basic ssl is sufficient? I have purchased the wildcard certificate for clearpass from https://comodosslstore.com/essentialssl-wildcard.aspx. Can you suggest a site for the controller ssl certificate? I have two controllers in Active-Standby mode. Can I use the same certificate for both controllers?. I need a cheap one as I did not include the cost for this in the project. This is the first time I am integrating controller with clearpass, so I'm confused. Thanks for your help.

------------------------------
Ajin Skariah
------------------------------

Original Message:
Sent: Nov 16, 2021 07:20 AM
From: Herman Robers
Subject: Certificate required for Guest Access using Clearpass

Yes, you will need to install a certificate on your controller (or Instant), and you need to put the name for that certificate in that field that you highlighted in the screenshot.

Check these videos on how to setup the Guest workflows with Instant, the certificate is the same with a controller.

If you upload a wildcard certificate, the controller will respond to captiveportal-login.what-your-wildcard.is. *.arubalab.com will be captiveportal-login.arubalab.com. And on the controller, you can check/verify the actual name with the command 'show datapath fqdn'.

The 'default' securelogin.arubanetworks.com is not trusted (self-signed), so can't really be used, and needs to be replaced with your own certificate.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 16, 2021 06:20 AM
From: Ajin Skariah
Subject: Certificate required for Guest Access using Clearpass

Hello,

I have a clearpass with a HTTPS wildcard certificate installed and the main purpose of the clearpass is to provide guest access with self registration as there is a large number of users.

1. Is there any certificate required on Aruba Controller for this setup or it can work with the default certificate? 

2. What should be the server address I put in the clearpass guest registration form shown below? Can someone guide me how to setup this?


Thanks,

------------------------------
Ajin Skariah
------------------------------

That wildcard should work... after installation and assignment as captive portal certificate, check with 'show datapath fqdn' what fqdn you should put in the ClearPass Guest configuration.

You can also get a standard single domain server certificate if you don't want to put your wildcard on the controller as well. Standard (domain validated) server certificates are available starting at a few $ for a year.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 16, 2021 08:46 AM
From: Ajin Skariah
Subject: Certificate required for Guest Access using Clearpass

Thank you Herman. Can you please suggest what type of certificate I should purchase? Is wildcard needed or a basic ssl is sufficient? I have purchased the wildcard certificate for clearpass from https://comodosslstore.com/essentialssl-wildcard.aspx. Can you suggest a site for the controller ssl certificate? I have two controllers in Active-Standby mode. Can I use the same certificate for both controllers?. I need a cheap one as I did not include the cost for this in the project. This is the first time I am integrating controller with clearpass, so I'm confused. Thanks for your help.

------------------------------
Ajin Skariah

Original Message:
Sent: Nov 16, 2021 07:20 AM
From: Herman Robers
Subject: Certificate required for Guest Access using Clearpass

Yes, you will need to install a certificate on your controller (or Instant), and you need to put the name for that certificate in that field that you highlighted in the screenshot.

Check these videos on how to setup the Guest workflows with Instant, the certificate is the same with a controller.

If you upload a wildcard certificate, the controller will respond to captiveportal-login.what-your-wildcard.is. *.arubalab.com will be captiveportal-login.arubalab.com. And on the controller, you can check/verify the actual name with the command 'show datapath fqdn'.

The 'default' securelogin.arubanetworks.com is not trusted (self-signed), so can't really be used, and needs to be replaced with your own certificate.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 16, 2021 06:20 AM
From: Ajin Skariah
Subject: Certificate required for Guest Access using Clearpass

Hello,

I have a clearpass with a HTTPS wildcard certificate installed and the main purpose of the clearpass is to provide guest access with self registration as there is a large number of users.

1. Is there any certificate required on Aruba Controller for this setup or it can work with the default certificate? 

2. What should be the server address I put in the clearpass guest registration form shown below? Can someone guide me how to setup this?


Thanks,

------------------------------
Ajin Skariah
------------------------------