Security

Reply
Highlighted
Occasional Contributor II

How many Public CA Certificate on External Captive Portal

Hi 

I need to know flow about External Captiveportal from Controller. I don't sure how many Public certificate (CA) for guest. 

I thinks a flow of certification is

1. Guest Connect to SSID-guest 

2. Redirect to External-Captive Portal 

3. User have receive Login Page and give a HTTPS Server Certificate on Clearpass

Certificate-InCPPM.jpg

 

4. User sign-in with username and password then click Login

5. After Click Login User will redirect back to controller and Give a Server  Certificate on Controller (On controller We not have a public Cert.We have Internal Certificate from AD)

 

RedirectBackRedirectBack 

I don't sure it's correct flow? 

 

We have issue After step 5. We have receive Error page on Browsers. 

I think because my Certificate is not signed from CA. 

 

How can i use a Public Cert on Clearpass only?  or We must use a two Public Certificate on both.


Accepted Solutions
Highlighted
MVP Guru

Re: How many Public CA Certificate on External Captive Portal

You will need a certificate installed on CPPM and a certificate installed on the Controller. If this is for Guest user (i.e you have no control of the clients Trust Store or PKI) then it is recommended to also use a public certificate on the Controller as well. As you've highlighted below, you would configure the Web Server Profile to use the Public Cert for Captive Portal use.


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)

View solution in original post


All Replies
Highlighted
MVP Guru

Re: How many Public CA Certificate on External Captive Portal

You will need a certificate installed on CPPM and a certificate installed on the Controller. If this is for Guest user (i.e you have no control of the clients Trust Store or PKI) then it is recommended to also use a public certificate on the Controller as well. As you've highlighted below, you would configure the Web Server Profile to use the Public Cert for Captive Portal use.


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)

View solution in original post

Highlighted
Occasional Contributor II

Re: How many Public CA Certificate on External Captive Portal

Thanks. 

I need to know a reason of Public Certificate must using on Controller?  

 

Highlighted
MVP Guru

Re: How many Public CA Certificate on External Captive Portal

The client will need to Trust the CA of the Captive Portal certificate on the controller so hence the need for a Public cert. The Guest browser will post to CPPM via HTTPS.


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: