Security

Hi Community,

Sorry if this question has already been asked by someone else ;

I am facing a weird issue in my lab and had the same in one of my customers deployment : 

> Got a cluster of 3 cppm servers
> Got EAP autosigned certificates (by default, didn't touch them)
> Got a public signed wildcard for https(rsa) certificate
> Got the root + intermediate public ca enabled and with role "other" in the trust list
> The dns resolution is working fine (for gui access and for captive portal)

But, when i'm trying to access the GUI of the servers (any of the 3 of them) of when i try to connect to my guest SSID, it seems that the server responds back with it's EAP autosigned certificate .... never presents me https(rsa) one

I tried to patch to version 6.11.6.x, same issue
I tried to clear the https certificate in CLI (command "system reset-server-certificate")  and then re-import it : same issue

Anyone has a clue of why i get this behavior ?

Thanks for help !

Edit : 

> Just changed my EAP certificates with ones delivered by my own Enterprise PKI : same issue ; it still presents me an autosigned certificate when trying to access GUI

The autosign presented : 


The https certificate : 


The EAP certificate : 



The Root/Intermediate Public ca in the trust List : 



Dunno what to do more ?

Hi Community,

Sorry if this question has already been asked by someone else ;

I am facing a weird issue in my lab and had the same in one of my customers deployment : 

> Got a cluster of 3 cppm servers
> Got EAP autosigned certificates (by default, didn't touch them)
> Got a public signed wildcard for https(rsa) certificate
> Got the root + intermediate public ca enabled and with role "other" in the trust list
> The dns resolution is working fine (for gui access and for captive portal)

But, when i'm trying to access the GUI of the servers (any of the 3 of them) of when i try to connect to my guest SSID, it seems that the server responds back with it's EAP autosigned certificate .... never presents me https(rsa) one

I tried to patch to version 6.11.6.x, same issue
I tried to clear the https certificate in CLI (command "system reset-server-certificate")  and then re-import it : same issue

Anyone has a clue of why i get this behavior ?

Thanks for help !

Hello,

Did you check the certificate that is presented with the Guest portal, is it not the HTTPS - ECC certificate.

If yes just disable it on all CPPM servers.

Kind regards

Christian

Edit : 

> Just changed my EAP certificates with ones delivered by my own Enterprise PKI : same issue ; it still presents me an autosigned certificate when trying to access GUI

The autosign presented : 


The https certificate : 


The EAP certificate : 



The Root/Intermediate Public ca in the trust List : 



Dunno what to do more ?

Hi Community,

Sorry if this question has already been asked by someone else ;

I am facing a weird issue in my lab and had the same in one of my customers deployment : 

> Got a cluster of 3 cppm servers
> Got EAP autosigned certificates (by default, didn't touch them)
> Got a public signed wildcard for https(rsa) certificate
> Got the root + intermediate public ca enabled and with role "other" in the trust list
> The dns resolution is working fine (for gui access and for captive portal)

But, when i'm trying to access the GUI of the servers (any of the 3 of them) of when i try to connect to my guest SSID, it seems that the server responds back with it's EAP autosigned certificate .... never presents me https(rsa) one

I tried to patch to version 6.11.6.x, same issue
I tried to clear the https certificate in CLI (command "system reset-server-certificate")  and then re-import it : same issue

Anyone has a clue of why i get this behavior ?

Thanks for help !

Hi Community,

Sorry if this question has already been asked by someone else ;

I am facing a weird issue in my lab and had the same in one of my customers deployment : 

> Got a cluster of 3 cppm servers
> Got EAP autosigned certificates (by default, didn't touch them)
> Got a public signed wildcard for https(rsa) certificate
> Got the root + intermediate public ca enabled and with role "other" in the trust list
> The dns resolution is working fine (for gui access and for captive portal)

But, when i'm trying to access the GUI of the servers (any of the 3 of them) of when i try to connect to my guest SSID, it seems that the server responds back with it's EAP autosigned certificate .... never presents me https(rsa) one

I tried to patch to version 6.11.6.x, same issue
I tried to clear the https certificate in CLI (command "system reset-server-certificate")  and then re-import it : same issue

Anyone has a clue of why i get this behavior ?

Thanks for help !