Frequent Contributor I

Clearpass / AOS 8.x Wildcard Certificate

Two part question. 

1. When using a wildcard certificate on the controller for a clean guest authentication workflow from CPPM (self-reg -> login), do you need to only select the cert in the captive portal config item on the controller? Or do you need to select it for the admin/webUI config item as well? I'm not 100% sure of the difference. I would have assumed that the CP cert is just if you're going to use the controller's internal CP.

 

2. Once that is done -- the NAS vendor in CPPM/guest just needs captiveportal-login.domain.tld? This currently does resolve to the controller's IP.

 

I usually always have the customer set up a DNS A record just to ease things along, but it's not possible here. I'm getting weird redirection issues when using the 'custom' DNS name above (not 100% that's the issue) with and without the admin cert selected. Maybe I'm missing a simple checkbox?

 

Just trying to rule out the obvious.

 

Thanks,

Guru Elite

Re: Clearpass / AOS 8.x Wildcard Certificate

1. Just the captive portal certificate
2. Correct, but no DNS names are needed

Also, a wildcard is overkill, dollar wise. A standard single-name certificate (~$5 USD/year) is all that is needed for captive portal.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor I

Re: Clearpass / AOS 8.x Wildcard Certificate

Thanks, Tim.

Yeah. I agree on the price. It's what I have, and since I can't mess with DNS, I guess I don't have much of a choice.

I usually buy a single name cert, set an A record and move on...
