I'm in the process of building out my new wireless guest network with Aruba controller (220.127.116.11) and Clearpass (6.7.5) controllers and am having an issue wtih a certfiicate error. I have a certificate from DigiCert on clearpass as well as my controllers and it seems to work fine. When i connect to my captive portal on a windows laptop, i get the captive portal pop-up and can log in with no certificate issues. I have a test iPad here as well and samething, connect and login with no certificate error.
Now on 5 different androids (runnig on different versions), i connect to network, get the captive portal pop-up which is https and thats fine. But when i click login i get the certificate error. I only seem to get the cert error on androids. I need another apple device or two to test with to verify it with that as well, but the ipad and windows devices are fine.
I would think something like digicert would be already loaded on android devices as its a pretty common 3rd party certificate company. has anyone had issues with android phones/tablets having a certificate error where other vendors seem to be fine?
I have an HTTPS certificate on clearpass signed from DigiCert, i also have 3 individual HTTPS certificates on my controllers (each controller has their own and its stacked with the intermediate and root ca together in one).
I have followed the guide listed here:
https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Web-Login-NAS-Address-configuration-options-in-single-and-multi/ta-p/275426 (the last part Using Unique Captive Portal Certificates Per Controller)
Since i am in a multi controller setup each with their own individual cert, i have those all added in the header html area. On each controller i have their own certs, each with their own common name. But i also have SANS created for them for different things. One of those SANs entries is the dns address of the cluster of controllers. That is the entry that is referneced in the IP address after on the captive portal page on the clearpass.
For the second part, so my stack of certs should not include the root ca? just the ssl cert and intermediate?
Having 3 different public certs on each controller though cause an issue with Android's and their cert error and not on apple or windows?
Thanks. I will go about doing that now and test it out. One more question, so when creating the certificate, the common name should not be in dns? And that common name is what i will put in the IP Address field on the captive portal webpage config in clearpass?
So if i create something like captive-portal.mydomain.com as the common name for all of my controllers, that is the samething i put in the webpage config?
OK, i used openssl and created the cert with keys and uploaded it to digicert, got my new one, combined the ssl cert and the intermediate ca in one file, then uploaded that same cert to all of my controllers and that went through.
I then updated my web login address so it is captive-portal.<mydomain>.com, which is the samething i used as the common name in the certficate. now when i connect i get the error saying captive-portal.<mydomain>.com can't be found. since there is no dns entry for it, how does it know to go back to the controller?
It originally showed up only as securelogin.arubanetworks.com. I changed the web-server profile on the highest folder for the controllers, but that didn't seem to work. So i had to manually change it on all of the controllers and now it shows up correctly in the show datapath fqdn and the captive portal does work now.
I test with my devices, and the windows/ipads are working the same now. and with androids, its been spotty. either my phone doesn't get the certifcate error anymore or it goes away really quickly and i don't have to accepty. my tablet does the samething. i had one of my co-workers phone didn't get the cert error, but another's did. so not sure if its related to something with android or something else.
I am having the same issue. Were you ever able to resolve it?
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.