Wireless Access

last person joined: 3 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

securelogin certificate

  • 1.  securelogin certificate

    Posted May 18, 2020 06:26 PM

    Hopefully this is the right place to post.

    for the time of me i am unable to locate securelogin(captive portal) is located so i can upload a new certificate.


    we are running clearpass and Aruba central and i have gone through both and still cant find it anyone able to help 



  • 2.  RE: securelogin certificate

    Posted May 19, 2020 02:19 AM



    On Central, you can upload the new certificate under Organization --> Certificates



    Then under your Group Config, you select this certificate for captive portal.



    On ClearPass Guest Page, you change the IP address to match your certificate common name. If your certificate is a wildcard certificate, then you use the name captiveportal-login.example.com assuming you have a wild card certificate for *.example.com






  • 3.  RE: securelogin certificate

    Posted May 19, 2020 02:30 AM

    thanks for your reply.

    but i have gone through that and i can confirm all i can see is default certificate.


    URL for captive portal is different to what in clearpass guest reg page.


    are there any other locations the certs will be uploaded?

  • 4.  RE: securelogin certificate

    Posted May 19, 2020 02:50 AM



    Can you please explain in details where are you facing the issue?

    From high level steps,

    1) User connects to WiFi and is placed in initial role, gets redirected to ClearPass Guest Portal. Here they get the certificate from ClearPass.


    Are you reaching this step? If not, did you select External Captive portal profile and select your right profile?





    2) Users completes the registration and presses login. ClearPass will instruct the client where to post back. This is the IP address/FQDN specified on ClearPass under the guest login page.


    3) Client's device will postback to this URL (which is for the certificate hosted on the IAP / controller)


    4) After that NAS will send a Radius Request to ClearPass to complete the authentication




    Where is it failing?