Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Controller Captive Portal Certificate

  • 1.  Controller Captive Portal Certificate

    Posted Jun 16, 2019 05:45 PM

    I am running ArubaOS 8 with ClearPass Guest. I have a publicly issued certificate uploaded as my captive portal certificate on my controller(s). However, it has 3 alternate SANs, one of which I would like to use for captive portal. However, show datapath fqdn only shows the primary common name of the certificate.

    The bigger issue is that the controller intercepts all DNS requests for the common-name regardless of user role. If the user is an authenticated role via 802.1X (instead of guest) and they navigate to the FQDN, the controller always hijacks the request. This is a problem because the common-name of the certificate is being utilized elsewhere for other server access.

    Is there a way around this behavior?



  • 2.  RE: Controller Captive Portal Certificate

    EMPLOYEE
    Posted Jun 16, 2019 10:10 PM

    Using a different certificate is the only way. The FQDN is necessary for the submit in the ClearPass HTML, so it really shouldn't be used anywhere else. You should only have one SAN, because that is all it will utilize.