Controllerless Networks

Hi,

I am going to integrate Clearpass Guest with IAP cluster and I have public certificate on clearpass server so I just want to know that do I require public certificate for my IAP cluster too?

Its not manditory/required to have public signed certificate to be installed on IAP for Clearpass Guest.

 

In clearpass, we have two certificates https/radius. We can have self-singed for https, if you are OK with client brower warning messages  but make sure to have public singed radius certificate which is used for EAP-TLS/EAP-PEAP authentication.

 

Regards,

Pavan

Hi Pavan,
Thanks for response.

As per clearpass guest workflow, clearpass send response back to secure login.arubanetworks.com and which resolved to virtual controller host name so if that vc don't have the public certificate then crome and iOS user will not able to redirect to desire URL.

Hi,

 

I havent come across such issue, it should work. Client will be displayed with warning message when they click submit button on captive portal page.

 

If you dont want client to see any warning messages during redirections, I would recommand to have public certificate both on IAP and CPPM.

 

Regards,

Pavan

Just some clarification here.

 

You should always use a public CA-signed certificate for HTTPS in ClearPass. The EAP server certificate can be either public or private depending on your environment.

 

You should also always use a public CA-signed certificate for captive portal on the IAP-VC / controller.

Hi Cappalli,

I am using clearpass guest with IAP so should I require https public signed certificate on Clearpass and IAP both ?

Yes. 1 for the captive portal function on IAP and 1 for HTTPs on ClearPass.

 

http://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/tac-p/293244