Having an issue with an SSL cert which I want to use for the Captive portal on Aruba OS 8.2.1 running as a VMC
- CSR generated from the VMC sent to the CA
- received signed cert back ( see attached)
- uploaded it onto the VMC - saved it as a PEM server cert
-Went to General setings and changed the default captive portal cert to the new cert called "Aruba" ( see attached)
- the CN specified on the cert has a DNS record pointing to the IP address of the VMC
However when I get redirected to the portal it still comes up with the default expired cert securelogin.arubanetworks.com
What am I missing/doing wrong, any ideas ?
Okay removed it
Datapath FQDN Entries---------------------securelogin.arubanetworks.com
Okay found my initial problem but have a couple of more questions
My full setup is 2x VMM and 2x VMC both layer 2 using VRRP for failover
My problem was that I generated the CSR from the VMM so although the Cert uploaded to the VMC, the VMC still referenced the old securelogin cert, that why I I think the FQDN would not change to the new CN.
So I generated a CSR from the managed network group where both my VMC were added, and when I clicked view current cert is shows me the new cert I generated on both VMC's
I uploaded the signed cert from the CA and came across the following:
On only the primary VMC it shows the FQDN change to my new CN the backup VMC still shows the securelogin CN
I had to add the DNS entry back on my local DNS server otherwise I get an unable to resolve my new CN
So as long as user traffic terminates on the primary VMC and I kept my DNS record in it works
So questions 1
Do I need to generate a CSR and purchase a certificate for each of VMC I have in a cluster ?
You mention I should remove the DNS entry, please can explain how this should work if I remove it?
thank you for all the assistance
Do your CSR on another box.
Once you have the siged cert, combine it with the key and intermediate into a PFX/PKCS12 file and import it at /md and then set the captive portal cert at /md.
The FQDN is a virtual name and thus should not be in DNS.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.