Controllerless Networks

last person joined: 6 hours ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

  • 1.  Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 17, 2018 10:13 AM

    Dear,

     

    I have a problem in my client, because I need to set 2 certificates for work the websites with https and I got just insert 1 certificate.

     

    OBS: I will using for Guest Network with captive portal and other network that using with smart devices. 

     

    Is there a limitation in Aruba Instant Cluster?

    The ClerPass I got insert 2 certificates in trust, but How to configure in Aruba Instant?

     

    I try insert both in diferent models by WebGui and Cli but, I did not make it.

     

    The IAP are the 315 and the firmware version is 6.5.4.3

     

    Thanks.

     



  • 2.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 17, 2018 10:18 AM
    Unfortunately this is not possible
    Pardon typos sent from Mobile


  • 3.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 17, 2018 10:52 AM

    Victor,

     

    In this case just with controller(virtual apliance or Hardware apliance)?

     

    Is there other option for resolve this problem?

     

    Thanks.



  • 4.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 17, 2018 02:34 PM
    Sorry don't understand your question .

    What is the business requirement / use case ?


  • 5.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 17, 2018 11:20 PM

    Sorry. I have an environment that I need to insert two SSL certificates into the Instant IAP 315 cluster to work with the captive portal for the guest network with clearpass, but when I put the two certificates the IAP is only accepting a certificate.

    Is there any limitation for adding more than one certificate in Instant IAP?

    In the clear pass I normally add the two certificates in trust.



  • 6.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 18, 2018 04:11 AM

    Why do you need two SSL certificates?  Typically you need just a public single SSL certificate that all of your clients would trust.



  • 7.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 18, 2018 10:04 AM

    You have reason but this client use two certificates in your wired network and He need using the same certificates.

    Is there another way to solve this by Aruba Instant?

     



  • 8.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 18, 2018 10:57 AM
    What is the desired use case for using two certificates? Please provide full detail about their usage.


  • 9.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 18, 2018 11:07 AM

    The client uses a certificate issued by the firewall checkpoint only to issue the block for certain sites and it does not want to change the way of use, and the other CA certificate is to do the actual SSL inspection.
    When I enter the firewall certificate and then add the CA certificate, the previous one is written in Instant. Can not keep both.



  • 10.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 18, 2018 11:37 AM
    SSL decryption certs would not be installed in the IAP.


  • 11.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 19, 2018 08:05 AM

    I do not understand, why not?
    How users will access trusted sites through HTTPS, since they are visitors who will access through the guest portal and others who will access another mobile network (Smartphones) and need to have the certificate to install at the time of access.
    If not, how will I install two certificates in the IAP, they are already inserted in the Clear Pass as trust.



  • 12.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 19, 2018 09:02 AM
    An SSL decrypt certificate needs to be installed on the client.


  • 13.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 19, 2018 10:24 AM

    So I agree when the network that is being used is 802.1x which can be installed the certificate via windows GPO policy for example, however in the case of the network visitors through a guest portal and the mobile network, in this case the client will not install two certificates every time a visitor arrives in the company, in this case the IAP controller must be able to reconfirm HTTPS secure traffic through the CA and Firewall certificates, in order to trust them and be able to do the inspection.
    In IAP I can only install 1 certificate, however I would like to know if it is IAP limitation and if only the controller supports, to warn the client of this problem and to study a way to be able to import these certificates and to leave this process automated.

    I will open a TAC also to formalize because the customer will need it.



  • 14.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 19, 2018 10:28 AM
    You should not be asking guests to install SSL decrypt certificates!

    Also, just to reiterate, the IAP is NOT INVOLVED in this at all.


  • 15.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 19, 2018 10:31 AM

    I'm sorry, but I did not understand how to solve this, because IAP is configured with clear pass but the HTTPS sites are not working because of these certificates, and in the wired network this already works, but in the wifi networks GUEST and MObile do not.
    How to solve this?



  • 16.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 19, 2018 10:35 AM
    You should really work with your ClearPass partner.


  • 17.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 19, 2018 10:46 AM

    Ok, but I already imported the certificates as trust in the clear pass and it still did not work.



  • 18.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 19, 2018 10:59 AM
    ClearPass is not involved either.


  • 19.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 19, 2018 11:13 AM

    Sorry but now that I do not understand anything, you tell me that it is not necessary to insert any certificate in IAP or ClearPass?
    I do not know what to do, do you recommend opening a TAC?



  • 20.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 19, 2018 11:20 AM
    ClearPass and the Aruba network devices have no involvement in SSL decryption. TAC likely will not be able to assist.


  • 21.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 20, 2018 08:53 AM

    How can I solve this problem without changing the client's infrastructure?
    Is there any solution to this problem or only if I make the firewall auto-sign the certificate?



  • 22.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 20, 2018 09:39 AM
    You need to work with your partner. This conversation has gone wildly off track.


  • 23.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 20, 2018 09:59 AM

    Okay, I'm the partner, thanks for the clarification.



  • 24.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 19, 2018 11:26 AM

    Find out from your SSL decryption vendor how things need to be configured. Like Tcappalli said, it would NOT be on the WLAN controller or the AAA authenticator.



  • 25.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 25, 2018 07:41 AM

    I need to install two certificates of CA but not possible on IAP.

    I got just one.



  • 26.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 25, 2018 08:16 AM
    Why would an SSL intercept CA server need to be installed on a Captive Portal?
    Why would you be doing SSL intercept on guests?


  • 27.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 25, 2018 08:26 AM

    I need to install two client CA certificates because internal users of the wired network can only access https sites in this way.
    They have a certain difficulty in the firewall, because it can not generate a self-signed certificate, so I can not get the visitors and mobile network users to access such https sites without these certificates.
    I was able to install only one certificate in the IAP, but it only allows 1 CA certificate. Is there a way to solve this?



  • 28.  RE: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

    Posted Apr 25, 2018 08:42 AM

    Guests will not allow you to install certificates on their machines, so I think you have a fundamental problem that you need to solve.  Unfortunately I don't think it involves IAPs or ClearPass.