Occasional Contributor I

IAP and Clearpass certificate installation

Hi all,

Due to the known issues with the securelogin.arubanetworks.com certificate, I am trying to install my own certificate onto an IAP (in conjunction with ClearPass at the back end).

However, I am running into some issues which I am trying to resolve, as well as trying to understand things I discovered during my investigation.

- To start, I first tested using the default pre-installed securelogin.arubanetworks.com cert.

To my surprise, it no longer threw the revocation error.

Is this something that has been resolved?

But instead of the revocation error I did get a weak cipher error in Chrome and Firefox; IE9 did not seem to care and just continued.

(and the whole solution worked as designed, only with some annoying cert errors)

At this point I decided that it was still a good idea to continue installing my own cert (no weak cipher stuff, and putting myself in control of the cert stuff).

- So I installed my publicly signed wildcard certificate (*.mydomain.com), including the private key and root certs. And on ClearPass I changed the address to "securelogin.mydomain.com".
When testing, it showed me the ClearPass guest page and I authenticated successfully. But it threw a 'domain not found' error afterwards, when redirecting.

- Now I changed it to captiveportal-login.mydomain.com and the "domain not found" error is gone. Why is it that I need to use "captiveportal-login"?

- However, I'm still not there. When the guest portal authentication page pops up, I enter the correct credentials and after submitting I receive the portal authentication page again, with the following error message: "login error. please retry."

ClearPass Access Tracker shows: "application guest access - web login: accept", but no RADIUS could be observed.

At the moment I'm out of ideas, please advise.


All Replies
Aruba Employee

Re: IAP and Clearpass certificate installation

MVP Expert

Re: IAP and Clearpass certificate installation

Did you make any changes to your guest page?
If you are using the wildcard cert then you need to use captiveportal-login.yourdomain, but if it is not a wildcard you should be able to use securelogin.yourdomain.

When you create a guest self-registration page, by default it will perform a RADIUS authentication; there's a template available for guest or guest with MAC caching.

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I

Re: IAP and Clearpass certificate installation

Yes I did follow that article.

Occasional Contributor I

Re: IAP and Clearpass certificate installation

I managed to get this working.

It appeared the RADIUS config disappeared from the SSID after a reboot.

I added it again and all was working.

But one of my questions remains, when using a wildcard cert.

Why does the redirect need to go to "captiveportal-login.mydomain.com"?

Moderator

Re: IAP and Clearpass certificate installation

Because the browser needs an FQDN to hit and with a wildcard, there isn't one.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |
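
Added example (not part of the thread and not Aruba code): a minimal host-name matcher following the common RFC 6125 wildcard rules, showing which redirect names a `*.mydomain.com` certificate covers and why the wildcard entry itself is not a name a browser can be sent to. The function names and the candidate list are assumptions made for illustration.

```python
# Added example: which portal hostnames does a certificate name list cover?
# Matching follows the usual browser rules (RFC 6125): a "*" is honoured only
# as the entire left-most label and stands for exactly one label.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (SAN/CN entry) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "*" in hostname or len(p_labels) != len(h_labels):
        return False  # a wildcard is a pattern, never a usable FQDN
    if p_labels[0] == "*":
        # The wildcard must sit above at least a two-label domain and match
        # a non-empty label; all remaining labels must be identical.
        return (len(p_labels) >= 3 and h_labels[0] != ""
                and p_labels[1:] == h_labels[1:])
    return p_labels == h_labels


def covered_hosts(cert_names, candidates):
    """Filter candidate redirect hostnames down to those the cert covers."""
    return [h for h in candidates
            if any(name_matches(n, h) for n in cert_names)]


# Constructed sample data using the placeholder domain from the thread.
WILDCARD_CERT = ["*.mydomain.com"]
CANDIDATES = [
    "captiveportal-login.mydomain.com",
    "securelogin.mydomain.com",
    "mydomain.com",               # apex: not covered by the wildcard
    "portal.guest.mydomain.com",  # two labels deep: not covered
    "*.mydomain.com",             # the pattern itself is not an FQDN
]

if __name__ == "__main__":
    covered = covered_hosts(WILDCARD_CERT, CANDIDATES)
    for host in CANDIDATES:
        state = "covered" if host in covered else "NOT covered"
        print(f"{host:35} {state}")
```
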

Occasional Contributor I

Re: IAP and Clearpass certificate installation

Agreed, but why captiveportal-login.mydomain.com and not somethingelse.mydomain.com?

Moderator

Re: IAP and Clearpass certificate installation

That's how the software is configured. Is there a concern?


| Aruba Alumni | @timcappalli | timcappalli.me |


Occasional Contributor I

Re: IAP and Clearpass certificate installation

No, I just wanted to know more about how it worked.

New Contributor

Re: IAP and Clearpass certificate installation

Hi, I have installed a wildcard certificate in CPPM, whereas in a few locations I haven't installed it on the NAD device. Will captive portal page redirection happen or not?