We have an issue everytime that we update our certs (ClearPass Guest and Aruba Controller). The issue is we up load the cert (HTTPS) on ClearPass then we have to take the PFX cert file (convert it to PEM for Controller). The controller cert is put in the order of root->intermediate->server-.private key. TAC has even tried it server->intermediate->root->private key. No matter what way some devices when redirected from the captive portal to controller then to our company's website, some users have not issues. Other users either never sees the captive portal page or get a certifacte error (the one from controller). The users that have iOS, Android, MacOS and Windows 10. Browsers range from Safari, Firefox, Chrome, Edge and Internet Explorer. It makes it hard to troubleshoot because it works for one devices and another will not work (the devices are the same and same version of OS).
I made sure that the controller has Bypass Apple Captive Network Assistant enabled. HTTPS authenication is set. Controllers are 7210 running 6.5.4.14.
TAC thinks it is the cert. We get our certs from GeoTrust-RSA-CA-2018 (DigiCert-Global-Root-CA). The certs for HTTPS and RADIUS on ClearPass our issued by the same, they work fine. Just the one for the rediect.
Any ideas?