Wireless Access

 View Only
last person joined: 14 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

Another securelogin case

This thread has been viewed 53 times
  • 1.  Another securelogin case

    Posted May 25, 2023 09:52 AM

    Hi,
    I have AP 505 with software 8.11.1.0. I am fighting with hotspot system. I have external captive portal, it works fine. But i have problem with redirect to securelogin.arubanetworks.com all clients devices report this doman as unsecured, and its true because certificate on this site are selfsigned. 

    I will setup own securelogin domain like securelogin.mydomain.com. I have wildcard certificate for mydomain.com. I try to add my cert in Maintenance>Certificates and i have fail. Still I see Convert certificate error. For my cert i have 3 files: certificate, private key, CA cert. Also i try to convert my files to pkcs12 cert, its still does not work.

    How can i setup securelogin.arubanetworks.com for my captive portal?



  • 2.  RE: Another securelogin case

    EMPLOYEE
    Posted May 25, 2023 07:07 PM

    for instant APs, you need to upload the new wildcard cert in pem/cer or crt  format 
    I generally use pem with no issues. The pem format cert should have the full chain
    The last section of the pem format should include the private key.





    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: Another securelogin case

    Posted May 29, 2023 01:12 AM

    I does not have that certificate type. I only have:




  • 4.  RE: Another securelogin case

    Posted May 29, 2023 01:19 AM

    Ok, when i created pem and last section was private key upload was successful.

    For now next question, how can i set my fqdn for securelogin? For examle securelogin.mydmain.com?




  • 5.  RE: Another securelogin case

    EMPLOYEE
    Posted May 29, 2023 01:26 AM

    is the server cert a wild card cert? 



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 6.  RE: Another securelogin case

    Posted May 29, 2023 02:58 AM

    Yes, this is wild card cert.




  • 7.  RE: Another securelogin case

    Posted Jun 01, 2023 06:36 AM

    For speed up i bought new ssl cert for single domain. 

    I uploaded new cert, now i have my fqdn when i try to connect to my guest network. 

    In mobile device all is correct, but windows display warning about unsecured data sending. I have set use https in capative portal, windows still use http. Can i fix it or force to use https?




  • 8.  RE: Another securelogin case

    EMPLOYEE
    Posted Jun 27, 2023 08:57 AM

    What is youre external captive portal server? Does that have a trusted certificate as well?

    Where you have now 127.0.0.1, you should put in the FQDN of your captive portal server. And on the captive portal server you should configure https://fqdn-of-cert-on-iap/..path-for-login... to use https.

    This video may help you to understand the communication flow with external captive portal.

    It may help to use your browser developer tools to monitor/follow all connections made by the client to determine where the certificate warnings are triggered.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------