How to configure ClearPass Guest (Amigopod) web login when using an Aruba controller with a wildcard SSL certificate

Aruba Employee
Aruba Employee

An Aruba mobility controller ships with a default SSL certificate with the CN: The behavior of the controller is to adopt the name defined in the CN of the certificate as its virtual name. This means that any time a wireless client connected to the controller attempts to resolve the name, the controller will always return its switch IP by default.

When using a 3rd party SSL certificate, the CN on that certificate will be adopted as its virtual name. For example, if the SSL certificate has the CN:, then will always resolve to the switch IP of the controller.

A wildcard SSL certificate does not have a host portion of the CN defined. Instead, an asterisk is used to signify that any host name can be used with that certificate. In this case, the controller cannot use * as a virtual name since that is not a valid FQDN.

When a wildcard SSL certificate is installed on the mobility controller, it replaces the asterisk with the host name "captiveportal-login". In our example, the virtual name will be ""

When defining a web login page in ClearPass Guest, the "address" field defines this virtual name of the controller where the captive portal client will post its credentials after completing the web login form. You must use "" here, replacing the example portion with your domain portion of the wildcard SSL certificate.

Version history
Revision #:
1 of 1
Last update:
‎06-29-2014 08:32 PM
Updated by:
Labels (2)
Search Airheads
Showing results for 
Search instead for 
Did you mean: