I have a problem in my client, because I need to set 2 certificates for work the websites with https and I got just insert 1 certificate.
OBS: I will using for Guest Network with captive portal and other network that using with smart devices.
Is there a limitation in Aruba Instant Cluster?
The ClerPass I got insert 2 certificates in trust, but How to configure in Aruba Instant?
I try insert both in diferent models by WebGui and Cli but, I did not make it.
The IAP are the 315 and the firmware version is 126.96.36.199
In this case just with controller(virtual apliance or Hardware apliance)?
Is there other option for resolve this problem?
Sorry. I have an environment that I need to insert two SSL certificates into the Instant IAP 315 cluster to work with the captive portal for the guest network with clearpass, but when I put the two certificates the IAP is only accepting a certificate.
Is there any limitation for adding more than one certificate in Instant IAP?
In the clear pass I normally add the two certificates in trust.
Why do you need two SSL certificates? Typically you need just a public single SSL certificate that all of your clients would trust.
You have reason but this client use two certificates in your wired network and He need using the same certificates.
Is there another way to solve this by Aruba Instant?
The client uses a certificate issued by the firewall checkpoint only to issue the block for certain sites and it does not want to change the way of use, and the other CA certificate is to do the actual SSL inspection.When I enter the firewall certificate and then add the CA certificate, the previous one is written in Instant. Can not keep both.
I do not understand, why not?How users will access trusted sites through HTTPS, since they are visitors who will access through the guest portal and others who will access another mobile network (Smartphones) and need to have the certificate to install at the time of access.If not, how will I install two certificates in the IAP, they are already inserted in the Clear Pass as trust.
So I agree when the network that is being used is 802.1x which can be installed the certificate via windows GPO policy for example, however in the case of the network visitors through a guest portal and the mobile network, in this case the client will not install two certificates every time a visitor arrives in the company, in this case the IAP controller must be able to reconfirm HTTPS secure traffic through the CA and Firewall certificates, in order to trust them and be able to do the inspection.In IAP I can only install 1 certificate, however I would like to know if it is IAP limitation and if only the controller supports, to warn the client of this problem and to study a way to be able to import these certificates and to leave this process automated.
I will open a TAC also to formalize because the customer will need it.
I'm sorry, but I did not understand how to solve this, because IAP is configured with clear pass but the HTTPS sites are not working because of these certificates, and in the wired network this already works, but in the wifi networks GUEST and MObile do not.How to solve this?
Ok, but I already imported the certificates as trust in the clear pass and it still did not work.
Sorry but now that I do not understand anything, you tell me that it is not necessary to insert any certificate in IAP or ClearPass?I do not know what to do, do you recommend opening a TAC?
How can I solve this problem without changing the client's infrastructure?Is there any solution to this problem or only if I make the firewall auto-sign the certificate?
Okay, I'm the partner, thanks for the clarification.
Find out from your SSL decryption vendor how things need to be configured. Like Tcappalli said, it would NOT be on the WLAN controller or the AAA authenticator.
I need to install two certificates of CA but not possible on IAP.
I got just one.
I need to install two client CA certificates because internal users of the wired network can only access https sites in this way.They have a certain difficulty in the firewall, because it can not generate a self-signed certificate, so I can not get the visitors and mobile network users to access such https sites without these certificates.I was able to install only one certificate in the IAP, but it only allows 1 CA certificate. Is there a way to solve this?
Guests will not allow you to install certificates on their machines, so I think you have a fundamental problem that you need to solve. Unfortunately I don't think it involves IAPs or ClearPass.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.