04-08-2019 06:24 PM
Two part question.
1. When using a wildcard certificate on the controller for a clean guest authentication workflow from CPPM (self-reg -> login), do you need to only select the cert in the captive portal config item on the controller? Or do you need to select it for the admin/webUI config item as well? I'm not 100% sure of the difference. I would have assumed that the CP cert is just if you're going to use the controller's internal CP.
2. Once that is done -- the NAS vendor in CPPM/guest just needs captiveportal-login.domain.tld? This currently does resolve to the controller's IP.
I usually always have the customer set up a DNS A record just to ease things along, but it's not possible here. I'm getting weird redirection issues when using the 'custom' DNS name above (not 100% that's the issue) with and without the admin cert selected. Maybe I'm missing a simple checkbox?
Just trying to rule out the obvious.
04-08-2019 06:27 PM
2. Correct, but no DNS names are needed.
Also, a wildcard is overkill, dollar wise. A standard single-name certificate (~$5 USD/year) is all that is needed for captive portal.
Re: Clearpass / AOS 8.x Wildcard Certificate
04-08-2019 06:33 PM
Yeah. I agree on the price. It's what I have, and since I can't mess with DNS, I guess I don't have much of a choice.
I usually buy a single name cert, set an A record and move on...