Security

Seem to be nearly there with our setup with just 1 issue remaining. After a guest signs up for our public wifi through the Amigopod captive portal, account is created, correct role assigned. The redirect tries to then talk to the Aruba controller via IPon our private LAN . (Amigopod is on a vlan address). This prompts a certificate error, if you proceed you then get taken onto the redirect page (google) and you're away.  I'm completely lost as to where this redirect to our Aruba IP can be found, If I could change it to the hostname then our SSL cert would work but I just can't find it.

 

Any ideas?

 

Do you have a custom certificate on your controller?

Yes we've a wildcard GoDaddy cert on the Aruba controller and amigopod

 

It looks to be all working apart from it stop's the redirection to force the user to accept the certificate as it's loading via an IP and not the hostname, can't see where to change it

In your self-registration configuration, under NAS Login, try changing the IP address field to the common name in the certificate (ex: wireless.domain.edu)

 

Initially the Nas login wasn't even enabled. Having done this unfortunately the RADIUS server stopped, on reboot I get the following

 

I would open a TAC case. They can help you troubleshoot.

No problem I managed to get that started again.

It seems my issue lies in the 'RADIUS Web Logins' page.

 

No matter what I put in this field (google for test to see if it tries to load that) it's always trying to contact securelogin.arubanetworks.com , I can't get this to talk to the controller by IP or hostname. Am I missing something?

Do you have the following box checked marked. It will override the address from above.

 

No that's unticked.

 

If I accept the untrusted certificate, the page will carry on to the redirect page (google or such)

It's just always trying to load this aruba certificate rather than our own.

Is your initial page a https when you open your browser?

Yes the captive page that appears when you join the WiFi is HTTPS://hostname

No, I'm talking about the browsers default page.

I've seen a similar issue where the users default page is for example https://www.google.com and because the initial page is a secure page it will error out because the cert being presented is your wildcard cert and it doesn't match the google name.

Ah right, no unfortunately not it's just standard http.