Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

Public CA cert for Captive Portal

  • 1.  Public CA cert for Captive Portal

    Posted Oct 26, 2021 10:24 AM
    I have researched plenty, and also read this article Airheads Community, but I'm unsure on the domain part.  We have a public, externally-hosted website. for example.  The captive portal currently goes to upon connecting to the SSID.  When I choose a different domain for the certificate, like, how does the virtual controller get updated to this domain. won't resolve externally to anywhere.  Is that ok, or do we need to insert a public A-record?  If so, what would it resolve to?  Surely, we wouldn't expose the internal IP address of the virtual controller. 

    Thanks in advance.


  • 2.  RE: Public CA cert for Captive Portal

    Posted Oct 27, 2021 10:34 AM
    When you upload a server certificate, the controller imports the Common Name from the certificate.  You can type "show cert all" to see all of the certificates in the VC and what the VC thinks is the subject common name of that certificate:

    You can also see what certificates are assigned to what:

    To answer the DNS question, the VC will "snoop" on any client DNS traffic.  If any client tries to resolve DNS traffic that matches the CN of the uploaded server certificate, it will respond to the query with the IP address of the VC.

    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
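
The DNS behaviour described in reply 2, modelled as an added example that is not part of the original thread and not Aruba's code. The hostname and IP are constructed placeholders, and the exact-match, A-record-only rule is an assumption about how the VC compares names:

```python
import struct

VC_IP = "192.0.2.1"               # constructed placeholder for the VC address
CERT_CN = "portal.example.com"    # constructed placeholder for the certificate CN


def build_query(name, qtype=1):
    """Build a minimal DNS query (constructed sample input); qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_question(packet):
    """Return (qname, qtype) of the first question in a DNS query."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    if struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:
            raise ValueError("compression pointer or bad label in question")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    return ".".join(labels), struct.unpack("!H", packet[pos:pos + 2])[0]


def snoop_decision(packet, cert_cn=CERT_CN, vc_ip=VC_IP):
    """Model of the snooping rule: only a query for the cert CN is answered locally."""
    qname, qtype = parse_question(packet)
    if qtype == 1 and qname.lower() == cert_cn.lower():
        return ("answer", vc_ip)   # client is pointed at the VC, no public A record involved
    return ("forward", None)       # every other name goes to the real resolver
```

Because the answer is generated on the guest network itself, the name in the certificate only has to be one the public CA will issue for; it does not need to resolve from the internet.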

  • 3.  RE: Public CA cert for Captive Portal

    Posted Oct 29, 2021 09:23 PM
    Thanks for a thorough answer.  This helps a lot. 


  • 4.  RE: Public CA cert for Captive Portal

    Posted Nov 06, 2021 04:41 PM
    One other inquiry.  I uploaded the cert as server, and assigned it to the Captive Portal.  That works fine now.  However, for the WebUI, which is using, it's trying to use the Captive Portal cert.  The cname doesn't match, so there is a cert error.  Should I have done a wildcard cert, or should I install a separate cert for the WebUI, with an appropriate WebUI cname, and associate it to the WebUI?  Will the VC then snoop for the WebUI cname?