
Guest portal certificate issue

  • 1.  Guest portal certificate issue

    Posted Nov 20, 2019 04:15 AM

    Hello, 

     

    Trying to understand client certificates when clients try to log in through the guest login portal. On the client's Google Chrome browser. On the CPPM certificate store, I see an HTTPS server certificate installed; this certificate is sent to the client browser but the browser complains it's not trusted. So I exported this certificate to the client computers (Windows 10) in .p12 format and added it to the trusted certificates, but even then it says the certificate is invalid. When I check the certificate it seems to be all right but says it's invalid. Any idea why that might be or what I should be doing to fix this?

     

    I'm using Windows 10 with the latest Chrome. The cert is in SHA-256 format when I created it on the CPPM, but on the client computer I also see something about SHA1. New to certificates so don't know what's wrong. Any guidance will be appreciated.

     

    Thanks.



  • 2.  RE: Guest portal certificate issue

    MVP EXPERT
    Posted Nov 20, 2019 04:44 AM

    What's the error message that the browser gives for not trusting the certificate?



  • 3.  RE: Guest portal certificate issue

    Posted Nov 20, 2019 10:05 PM

    Thanks for the response.

     

    I don't see any other error. In the browser, next to the address bar, it says Not Secure; when I click on Not Secure it says Certificate (Invalid). On Windows, when I check the certificate, it says This certificate is OK.

    Our redirect URL starts with https://www.myclearpass.com/... The certificate CN = myclearpass.com

    Issuer = myclearpass.com

    I suppose it's a self-signed certificate issued by the root CA on ClearPass; we have not added it to any public CA in the trust chain, maybe that is the cause? If that's the case then please advise some specific steps to make this work, like a word or two on how I could get a public CA if possible. Thanks for your patience.

     



  • 4.  RE: Guest portal certificate issue
    Best Answer

    MVP EXPERT
    Posted Nov 21, 2019 03:32 AM

    That's exactly the issue: the self-signed certificate has been issued by a source which the client does not trust. You should replace the certificates on the CPPM. Ideally for Guests, you would use a publicly signed certificate (since you have no control over the Guest devices and would rely on the Certificate Trust Store which ships with the device...).

     

    Take a look at the below, it offers some good reading and tips regarding certificates on CPPM.

     

    https://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/14977/1/CPPM%20-%20Certificates%20101%20Technote%20V1.0%20.pdf



  • 5.  RE: Guest portal certificate issue

    Posted Nov 21, 2019 04:05 AM

    Thank you Craig, you've been very kind.
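
An added example (not part of any post in this thread, and not Aruba code): a simplified Python model of the checks a browser applies to the portal certificate. It covers the trust-store point from the Best Answer and, going one step further, the name match between the redirect host and the certificate. The SAN lists, the CA name and the function names are constructed; the thread only gives the CN, the issuer and the redirect host.

```python
"""Simplified model of browser checks on a captive-portal server certificate."""

def name_matches(pattern, host):
    """Compare one subjectAltName dNSName with the requested host.

    A '*' is honoured only as the entire leftmost label and never spans dots.
    Simplification: browsers use the public suffix list to refuse wildcards
    such as '*.com'; here a wildcard just needs two labels after it.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(host, subject_cn, issuer_cn, san_dns, trusted_issuers):
    """Return the reasons a browser would flag the certificate (empty list = OK).

    Simplification: trust is modelled as "issuer name is in the client's
    store"; a real validator builds the chain and verifies every signature.
    """
    problems = []
    if issuer_cn not in trusted_issuers:
        kind = "self-signed" if issuer_cn == subject_cn else "issuer"
        problems.append(kind + " certificate not in the client trust store")
    if not san_dns:
        # Chrome 58 and later match only subjectAltName, never the CN.
        problems.append("no subjectAltName dNSName entries")
    elif not any(name_matches(n, host) for n in san_dns):
        problems.append("host not covered by subjectAltName")
    return problems

# Values from the thread: redirect host, CN and issuer.
HOST, CN, ISSUER = "www.myclearpass.com", "myclearpass.com", "myclearpass.com"

def thread_case():
    """Guest device that has never seen the ClearPass certificate (no SAN assumed)."""
    return diagnose(HOST, CN, ISSUER, [], set())

def imported_case():
    """Certificate imported as trusted, SAN assumed to hold only the bare domain."""
    return diagnose(HOST, CN, ISSUER, ["myclearpass.com"], {ISSUER})

def replaced_case():
    """Constructed replacement: public CA in the store, SAN covers the redirect host."""
    ca = "Constructed Public CA"
    return diagnose(HOST, CN, ca, ["myclearpass.com", HOST], {ca})
```

`imported_case()` shows that trusting the issuer is only one of the checks: the certificate also has to name the exact host used in the redirect URL.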