Answered in your other thread on this topic.
Original Message:
Sent: Oct 22, 2024 10:30 PM
From: Mithran
Subject: Aruba IAP Guest Certificate
Thanks for the update , For instance, on the self-registration page, we've specified guest.example.com in ClearPass. We need to install a captive portal certificate with CN = guest.example.com, which should be a publicly signed certificate. Also, this guest.example.com does not require a DNS IP.Is my understanding is correct ?
Is this certificate used for communication between ClearPass and the IAP ??
Original Message:
Sent: Oct 16, 2024 10:07 PM
From: chulcher
Subject: Aruba IAP Guest Certificate
Nothing. That FQDN shouldn't exist in DNS at all. The IAP will respond to the DNS query directly, and the client device will interact with the IAP.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Oct 16, 2024 09:46 PM
From: Mithran
Subject: Aruba IAP Guest Certificate
My question is: What IP address should the IAP captive portal certificate FQDN resolve to?
We have multiple IAP clusters
Original Message:
Sent: Oct 16, 2024 03:21 PM
From: chulcher
Subject: Aruba IAP Guest Certificate
The captive portal certificate on the IAP is what the AP will respond to when the client is logging in. This is not the ClearPass certificate, ClearPass gets a separate certificate that matches whatever you are redirecting to.
The IAP captive portal certificate FQDN is the value that you input to ClearPass as the "Address" for the login portion.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Oct 16, 2024 03:10 PM
From: Mithran
Subject: Aruba IAP Guest Certificate
In my current setup, we have installed the certificate for guest.example.com on all Aruba IAP clusters for the captive portal and WebUI. However, there is no FQDN mapped to the controller IP address, as guest.example.com resolves to the ClearPass IP address. Instead of using secure.arubanetworks.com, guest.example.com is configured in ClearPass.
Original Message:
Sent: Oct 15, 2024 10:55 AM
From: chulcher
Subject: Aruba IAP Guest Certificate
Yes.
Use a tool, openssl for instance, to create the CSR. Once you've got the CSR and private key, submit the CSR as usual. Then combine the signed certificate along with the private key for upload to the APs.
https://wirelesswires.com/openssl-and-you-managing-certificates-and-signing-requests-csr/
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Oct 15, 2024 01:54 AM
From: Mithran
Subject: Aruba IAP Guest Certificate
Hi ,
Can we use the same certificate for captive portal and web ui ?
We are accessing the IAP clusters using its IP address. How can we create a single certificate to install in multiple aruba clusters ?
Original Message:
Sent: Oct 03, 2024 05:26 AM
From: ariyap
Subject: Aruba IAP Guest Certificate
I think it the functionality was added with Instant version 8.7.
in either way here is where you can upload and assign the type Maintenance->Certificates->Upload
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Oct 02, 2024 10:52 AM
From: chulcher
Subject: Aruba IAP Guest Certificate
I don't remember which version introduces the functionality (check the release notes) but later versions of IAP allow for separate certificates for captive portal and WebUI.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Oct 02, 2024 06:13 AM
From: Mithran
Subject: Aruba IAP Guest Certificate
We have 10 separate Aruba IAP clusters in our environment and are currently in the process of updating the WEB UI certificate. At the moment, the same certificate is used for both the WEB UI and the Guest network. The captive portal for the Guest SSID is configured in Clearpass.
Is a separate guest certificate required for Aruba IAP?
We're accessing the IAP using its IP address. How can we create a single certificate to accommodate this?
I'm new to this, so I would appreciate your help.