Controllerless Networks

New Contributor

Configure IAP to use SAN from Wildcard certificate

We use a mix of IAP-105 and 205 access points in several locations broadcasting multiple SSIDs. The guest network is using "Internal - Authenticated" with a local user account for authentication. Since it was not high priority we never bothered to fix the certificate errors generated by the included demo certificate that was recently revoked.


I'm now trying to apply certificates to the units and after much trial and error was able to generate, combine, and apply the necessary keys and certificates to the virtual controller. This worked very well for the admin pages/virtual controller but no so well for the captive portal.


Since we already have a wildcard certificate I requested a duplicate and added "securelogin" as a SAN on the certificate. This works perfectly for the VC but the captive portal redirects to the wildcard/asterisk (* instead of


Is there a way to reuse this certificate and force the IAP to use the alternative name on the certificate or a specific subdomain covered by the wildcard? For example,,, so I don't have to issue individual certificates?


If I can get that far, will the units redirecting users to these pages handle their own name registration, knowing it is a loopback, or will I need to change the DNS and register the names for each AP so the clients can find the URL?


Thanks ahead of time for any assistance.

Guru Elite

Re: Configure IAP to use SAN from Wildcard certificate

--EDIT-- Posted wrong link


Unfortunately no. You can get an inexpensive certificate (between $10-$50) with
a generic common name (like network-login.domain.tld) and use it across all
your IAPs/VCs.

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480
Guru Elite

Re: Configure IAP to use SAN from Wildcard certificate

In a word, no wildcard for Captive Portal Certificate:


We cannot redirect to a SAN.  The hostname needs to be defined on the cert for the captive portal.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: