Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

securelogin.domain.com redirect fails with wildcard certificate - captive portal

  • 1.  securelogin.domain.com redirect fails with wildcard certificate - captive portal

    Posted Nov 15, 2016 04:48 PM

    We have a guest SSID that requires users to accept the terms of use before accessing the internet.  They receive public DNS servers 8.8.8.8 and 8.8.4.4. We are also using ClearPass for captive portal.  This is my issue:

     

    1. User connects to GUEST SSID

    2. User tries to load a webpage, and gets re-directed to captive portal (we have a wildcard cert installed in ClearPass so this connection is https and secure/trusted)

    3. User accepts terms and clicks "login"

    4. Redirect to "securelogin.domain.com" shows page cannot be displayed / DNS error.

    5. We are using IAP205s in our network. No controllers.. just virtual ones.

    6. Airwave version 8.2.2.1

     

    During my research, I have done the following:

    1. Installed wildcard cert within Airwave (PEM) to be pushed to IAP VC

    (the CN of this cert is "*.domain.com")

    2. Verified the VC has the correct wildcard cert with the AP commands

    3. Changed the "address" field in ClearPass Guest to "securelogin.domain.com" (from the old securelogin.arubanetworks.com)

    4. If I installed a private cert with a CN of "securelogin.domain.com" the redirect works but we get the error / untrusted message and need to trust the cert (which is expected)

    5. I have updated the IAPs to the latest "Early" release ArubaInstant_Taurus_6.5.0.0-4.3.0.1_57133 which supposedly allowed wildcard certs.

     

    My only other thought is to purchase a public cert (not a wild card) and test.

     

    I have been on the phone with Aruba and we can't figure it out.

     

    Any help would be much appreciated.



  • 2.  RE: securelogin.domain.com redirect fails with wildcard certificate - captive portal
    Best Answer



  • 3.  RE: securelogin.domain.com redirect fails with wildcard certificate - captive portal

    Posted Nov 15, 2016 05:59 PM

    Hi,

     

    I've tried adding the "captiveportal-login.domain.com" but receive a new error:

     

    "Your connection is not private.... NET::ERR_CERT_AUTHORITY_INVALID"

     

    I can proceed and get connected, but we would like to not have any messages when connecting to Guest.



  • 4.  RE: securelogin.domain.com redirect fails with wildcard certificate - captive portal

    EMPLOYEE
    Posted Nov 15, 2016 06:07 PM
    Is your wildcard certificate issued from a well-known public CA?


  • 5.  RE: securelogin.domain.com redirect fails with wildcard certificate - captive portal

    Posted Nov 16, 2016 08:54 AM

    Yup it is... GoDaddy. Could it be that the cert I uploaded is in the wrong format?  I don't think mine has the intermediate root CA file.

     

    1. private-key
    2. public-cert
    3. intermediate-root-ca-file 

     

    I don't think mine is like this.  



  • 6.  RE: securelogin.domain.com redirect fails with wildcard certificate - captive portal

    EMPLOYEE
    Posted Nov 16, 2016 08:58 AM
    Yes it could be. Please follow the instructions in the FAQ.


  • 7.  RE: securelogin.domain.com redirect fails with wildcard certificate - captive portal

    Posted Nov 16, 2016 11:38 AM

    Hi Cappalli,

     

    I combined my public wildcard cert with the root and intermediate certs into one file (pretty much just copy and paste them into one) with the private key.  Uploaded that cert to Airwave and pushed it to the virtual controller.  This resolved the issue.

     

    Thanks for your assistance on this issue.
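
The fix in this thread was a combined PEM holding the private key, the wildcard certificate and its intermediate/root certificates. The following is an added example, not from the thread or from Aruba, of a pre-upload check with `openssl`: it confirms the key matches the first certificate and that each certificate is followed by its issuer. The function name `check_bundle` is hypothetical, and the linkage check compares issuer and subject names only; it does not verify signatures.

```shell
#!/bin/sh
# Added example: check a combined PEM (private key + server cert + CA chain).
# Returns 0 only if every check passes; prints one line per finding.
check_bundle() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per PEM block, keeping file order.
    awk -v d="$tmp" '
        /^-----BEGIN / { n++; f = sprintf("%s/%02d.pem", d, n) }
        f              { print > f }
        /^-----END /   { close(f); f = "" }' "$bundle"
    key=""; certs=""; rc=0
    for f in "$tmp"/*.pem; do
        [ -e "$f" ] || continue
        if grep -q 'PRIVATE KEY-----' "$f"; then key=$f
        elif grep -q 'BEGIN CERTIFICATE-----' "$f"; then certs="$certs $f"
        fi
    done
    set -- $certs   # $1 = server cert, $2.. = issuing CAs in file order
    if [ -z "$key" ]; then echo "FAIL: no private key in bundle"; rc=1; fi
    if [ "$#" -lt 2 ]; then
        echo "FAIL: $# certificate(s) found; need server cert plus its CA chain"; rc=1
    fi
    # The key must belong to the first certificate (compare public keys).
    if [ -n "$key" ] && [ "$#" -ge 1 ]; then
        kpub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
        cpub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
        if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
            echo "FAIL: private key does not match the first certificate"; rc=1
        fi
    fi
    # Each certificate must be issued by the one that follows it.
    prev=""
    for c in "$@"; do
        if [ -n "$prev" ]; then
            want=$(openssl x509 -in "$prev" -noout -issuer_hash)
            have=$(openssl x509 -in "$c" -noout -subject_hash)
            if [ "$want" != "$have" ]; then
                echo "FAIL: $(basename "$c") is not the issuer of the certificate before it"; rc=1
            fi
        fi
        prev=$c
    done
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] && echo "OK: key, server certificate and chain are consistent"
    return "$rc"
}
```

Source the file and run `check_bundle` on the combined PEM before uploading it; a bundle that contains only the key and the wildcard certificate is reported as missing its chain.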