Wireless Access

last person joined: 15 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

SSL cert not working

This thread has been viewed 1 times
  • 1.  SSL cert not working

    Posted Jul 16, 2018 09:36 AM



    Having an issue with an SSL cert which I want to use for the Captive portal on Aruba OS 8.2.1 running as a VMC


    Steps done:

    - CSR generated from the VMC sent to the CA

    - received signed cert back  ( see attached)

    - uploaded it onto the VMC - saved it as a PEM server cert

    -Went to General setings and changed the default captive portal cert to the new cert called "Aruba" ( see attached)

    - the CN specified on the cert has a DNS record pointing to the IP address of the VMC


    However when I get redirected to the portal it still comes up with the default expired cert securelogin.arubanetworks.com


    What am I missing/doing wrong, any ideas ?


    thank you



  • 2.  RE: SSL cert not working

    Posted Jul 16, 2018 09:44 AM
    1. You should not be creating a DNS entry. Remove that.
    2. What is the output of show datapath fqdn?

  • 3.  RE: SSL cert not working

    Posted Jul 16, 2018 09:55 AM


    Okay removed it

    see below:


    Datapath FQDN Entries



  • 4.  RE: SSL cert not working

    Posted Jul 16, 2018 09:58 AM
    Then the captive portal cert did not apply correctly. Try selecting default, saving and then reselecting your certificate.

  • 5.  RE: SSL cert not working

    Posted Jul 22, 2018 06:19 PM

    Hi Tim


    Okay found my initial problem but have a couple of more questions

    My full setup is 2x VMM and 2x VMC both layer 2 using VRRP for failover

    My problem was that I  generated the CSR from the VMM so although the Cert uploaded to the VMC, the VMC still referenced the old securelogin cert, that why I I think the FQDN would not change to the new CN.

    So I generated a CSR from the managed network group  where both my VMC were added, and when I clicked view current cert is shows me the new cert I generated on both VMC's


    I uploaded the signed cert from the CA and came across the following:

    On only the primary VMC it shows the FQDN change to my new CN the backup VMC still shows the securelogin CN

    I had to add the DNS entry back on my local DNS server otherwise I get an unable to resolve my new CN


    So as long as user traffic terminates on the primary VMC and I kept my DNS record in it works


    So questions 1

    Do I need to generate a CSR and purchase a certificate for each of VMC I have in a cluster ?

    questions 2

    You mention I should remove the DNS entry, please can explain how this should work if I remove it?


    thank you for all the assistance




  • 6.  RE: SSL cert not working

    Posted Jul 23, 2018 09:17 AM

    Do your CSR on another box.


    Once you have the siged cert, combine it with the key and intermediate into a PFX/PKCS12 file and import it at /md and then set the captive portal cert at /md.


    The FQDN is a virtual name and thus should not be in DNS.