Security

Reply
Contributor I

Guest portal certificate issue

Hello, 

 

Trying to understand client certificates when clients try to login through the guest login portal. On client's Google chrome browser On CPPM certificate store, I see an HTTPS server certificate installed, this certificate is sent to the client browser but the browser complains its not trust. So I exported this certificate to the client computers (windows 10) in .p12 formate and added it to trusted certificate but even then it says the certificate is invalid. When I check the certificate it seems to all right but says its invalid. Any idea why that might be or what should I be doing to fix this.

 

I'm using Windows 10 with latest chrome. The cert is sha 256 formate when i created it on the CPPM but on the client computer I also see something about Sha1. New to certificates so dont know whats wrong. Any guidance will be appreciated.

 

Thanks.

MVP Guru

Re: Guest portal certificate issue

Whats the error message that the browser gives for not trusting the certificate?


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Contributor I

Re: Guest portal certificate issue

Thanks for the response.

 

I dont see any other error, on the browser next to the address bar it says Not Secure, when i click on not secure it says Certificate (Invalid). On the windows I check the certificate, its says This certificate is OK. 

Our redirect URL starts with https://www.myclearpass.com/... The certificate CN = myclearpass.com

Issuer = myclearpass.com

I suppose its a self signed certificate issued by the root CA on clearpass, we have not added it to any public CA in the trust chain, maybe that is the cause? If thats the case then please advise some specific steps to make this work like a word or two on how i could get a public CA if possible, thank for your patience.

 

Highlighted
MVP Guru

Re: Guest portal certificate issue

Thats exactly the issue, the self signed certificate has been issued by a source which the client does not trust. You should replace the certificates on the CPPM. Ideally for Guests, you would use a publicly signed certificate (since you have no control over the Guest devices and would rely on the Certificate Trust Store which ships with the device....).

 

Take a look at the below, it offers some good reading and tips regarding certificates on CPPM.

 

https://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/14977/1/CPPM%20-%20Certificates%20101%20Technote%20V1.0%20.pdf


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Contributor I

Re: Guest portal certificate issue

Thank you Craig, you've been very kind.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: