Controllerless Networks

Reply
Occasional Contributor II

Re: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

I do not understand, why not?
How users will access trusted sites through HTTPS, since they are visitors who will access through the guest portal and others who will access another mobile network (Smartphones) and need to have the certificate to install at the time of access.
If not, how will I install two certificates in the IAP, they are already inserted in the Clear Pass as trust.

Guru Elite

Re: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

An SSL decrypt certificate needs to be installed on the client.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

So I agree when the network that is being used is 802.1x which can be installed the certificate via windows GPO policy for example, however in the case of the network visitors through a guest portal and the mobile network, in this case the client will not install two certificates every time a visitor arrives in the company, in this case the IAP controller must be able to reconfirm HTTPS secure traffic through the CA and Firewall certificates, in order to trust them and be able to do the inspection.
In IAP I can only install 1 certificate, however I would like to know if it is IAP limitation and if only the controller supports, to warn the client of this problem and to study a way to be able to import these certificates and to leave this process automated.

I will open a TAC also to formalize because the customer will need it.

Guru Elite

Re: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

You should not be asking guests to install SSL decrypt certificates!

Also, just to reiterate, the IAP is NOT INVOLVED in this at all.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

I'm sorry, but I did not understand how to solve this, because IAP is configured with clear pass but the HTTPS sites are not working because of these certificates, and in the wired network this already works, but in the wifi networks GUEST and MObile do not.
How to solve this?

Guru Elite

Re: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

You should really work with your ClearPass partner.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

Ok, but I already imported the certificates as trust in the clear pass and it still did not work.

Guru Elite

Re: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

ClearPass is not involved either.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

Sorry but now that I do not understand anything, you tell me that it is not necessary to insert any certificate in IAP or ClearPass?
I do not know what to do, do you recommend opening a TAC?

Highlighted
Guru Elite

Re: Using Two Certificates SSL in Aruba Instant with Clear Pass Guest

ClearPass and the Aruba network devices have no involvement in SSL decryption. TAC likely will not be able to assist.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: