Security

Hi 

I need to know flow about External Captiveportal from Controller. I don't sure how many Public certificate (CA) for guest. 

I thinks a flow of certification is

1. Guest Connect to SSID-guest 

2. Redirect to External-Captive Portal 

3. User have receive Login Page and give a HTTPS Server Certificate on Clearpass

4. User sign-in with username and password then click Login

5. After Click Login User will redirect back to controller and Give a Server  Certificate on Controller (On controller We not have a public Cert.We have Internal Certificate from AD)

RedirectBack 

I don't sure it's correct flow? 

We have issue After step 5. We have receive Error page on Browsers. 

I think because my Certificate is not signed from CA. 

How can i use a Public Cert on Clearpass only?  or We must use a two Public Certificate on both.

You will need a certificate installed on CPPM and a certificate installed on the Controller. If this is for Guest user (i.e you have no control of the clients Trust Store or PKI) then it is recommended to also use a public certificate on the Controller as well. As you've highlighted below, you would configure the Web Server Profile to use the Public Cert for Captive Portal use.

Thanks. 

I need to know a reason of Public Certificate must using on Controller?  

The client will need to Trust the CA of the Captive Portal certificate on the controller so hence the need for a Public cert. The Guest browser will post to CPPM via HTTPS.