Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

SSL cert not working

  • 1.  SSL cert not working

    Posted Jul 16, 2018 09:36 AM

    Hi

     

    Having an issue with an SSL cert which I want to use for the Captive portal on Aruba OS 8.2.1 running as a VMC

     

    Steps done:

    - CSR generated from the VMC sent to the CA

    - received signed cert back (see attached)

    - uploaded it onto the VMC - saved it as a PEM server cert

    - Went to General settings and changed the default captive portal cert to the new cert called "Aruba" (see attached)

    - the CN specified on the cert has a DNS record pointing to the IP address of the VMC

     

    However when I get redirected to the portal it still comes up with the default expired cert securelogin.arubanetworks.com

     

    What am I missing/doing wrong, any ideas?

     

    thank you

     

     



  • 2.  RE: SSL cert not working

    Posted Jul 16, 2018 09:44 AM
    1. You should not be creating a DNS entry. Remove that.
    2. What is the output of show datapath fqdn?


  • 3.  RE: SSL cert not working

    Posted Jul 16, 2018 09:55 AM

    Hi

    Okay removed it

    see below:

     

    Datapath FQDN Entries
    ---------------------
    securelogin.arubanetworks.com

    192.168.100.216

     

    Thanks



  • 4.  RE: SSL cert not working

    Posted Jul 16, 2018 09:58 AM
    Then the captive portal cert did not apply correctly. Try selecting default, saving and then reselecting your certificate.


  • 5.  RE: SSL cert not working

    Posted Jul 22, 2018 06:19 PM

    Hi Tim

     

    Okay found my initial problem but have a couple of more questions

    My full setup is 2x VMM and 2x VMC both layer 2 using VRRP for failover

    My problem was that I generated the CSR from the VMM, so although the cert uploaded to the VMC, the VMC still referenced the old securelogin cert; that's why I think the FQDN would not change to the new CN.

    So I generated a CSR from the managed network group where both my VMCs were added, and when I clicked view current cert it shows me the new cert I generated on both VMCs

     

    I uploaded the signed cert from the CA and came across the following:

    On only the primary VMC it shows the FQDN change to my new CN; the backup VMC still shows the securelogin CN

    I had to add the DNS entry back on my local DNS server, otherwise I get an "unable to resolve" for my new CN

     

    So as long as user traffic terminates on the primary VMC and I keep my DNS record in, it works

     

    So question 1

    Do I need to generate a CSR and purchase a certificate for each of the VMCs I have in a cluster?

    Question 2

    You mention I should remove the DNS entry, please can you explain how this should work if I remove it?

     

    thank you for all the assistance

     

     

     



  • 6.  RE: SSL cert not working

    Posted Jul 23, 2018 09:17 AM

    Do your CSR on another box.

     

    Once you have the signed cert, combine it with the key and intermediate into a PFX/PKCS12 file and import it at /md and then set the captive portal cert at /md.

     

    The FQDN is a virtual name and thus should not be in DNS.
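
The off-box workflow from reply 6, sketched with OpenSSL as an added example (not posted by anyone in the thread): create the key and CSR on a separate machine, confirm the signed cert belongs to that key, then bundle key, cert and intermediate into a PKCS#12 file. The hostname, file names, password and throwaway CA are constructed for the demo; the import at /md is done on the controller and is not shown.

```bash
#!/usr/bin/env bash
# Added example; hostname, file names, password and the throwaway CA are constructed.
set -eu
: "${PFX_PASS:=constructed-demo-only}"; export PFX_PASS  # kept off the command line

# Step 1 (on a separate box): private key + CSR for the portal's virtual FQDN.
make_csr() {  # make_csr <fqdn> <key_out> <csr_out>
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$2" -out "$3" 2>/dev/null
}

# True only if the certificate was issued for this private key.
key_matches_cert() {  # key_matches_cert <key> <cert>
  local pub; pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  [ -n "$pub" ] &&
    [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# Step 2: bundle key + signed cert + intermediate(s) into one PKCS#12 file.
make_pfx() {  # make_pfx <key> <cert> <chain> <pfx_out>
  key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; return 1; }
  openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
    -name captive-portal -passout env:PFX_PASS -out "$4"
}

# Count the certificates (leaf + chain) stored in a PFX.
pfx_cert_count() {  # pfx_cert_count <pfx>
  openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Constructed run: a throwaway CA stands in for the real CA/intermediate.
workdir=$(mktemp -d)
make_csr portal.example.test "$workdir/portal.key" "$workdir/portal.csr"
openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Constructed Test CA" \
  -days 1 -keyout "$workdir/ca.key" -out "$workdir/ca.crt" 2>/dev/null
openssl x509 -req -in "$workdir/portal.csr" -CA "$workdir/ca.crt" \
  -CAkey "$workdir/ca.key" -CAcreateserial -days 1 \
  -out "$workdir/portal.crt" 2>/dev/null
make_pfx "$workdir/portal.key" "$workdir/portal.crt" "$workdir/ca.crt" \
  "$workdir/portal.pfx"
echo "PFX holds $(pfx_cert_count "$workdir/portal.pfx") certificates"
```

The key/cert comparison catches the situation described in post 5, where the CSR was generated on a different box from the one the signed cert was loaded onto.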