Hello
I got the following scenario:
1 Clearpass
2 controllers - master and standby, central site
10 local controllers on remote sites (one controller in each site), for example site A one controller, site B the other controller, etc.
1 DMZ controller in the central site, which is a master controller and it's alone.
All the local controllers are doing a GRE tunnel to the VRRP IP on the central site and passing the guest VLAN that just exists in the controllers. Then on the central site there is a GRE tunnel to the DMZ that does the same: it passes only the guest VLAN.
I got in Clearpass a public certificate.
I got on master and standby controllers public certificates.
I got a public certificate on local controllers as well.
I don't think I have them on the DMZ controller, because I don't authenticate there or anything; I just use it to terminate the tunnel from the master controller.
Now for the public certificate on the controllers I'm using the same one. I did a request on an old Clearpass from which I can retrieve the private key, and put the private key, the cert that is signed and the root CA in a .pem and uploaded it to every controller.
The scenario:
The user logs in to the network.
If the user goes to an http page, he doesn't get a certificate error and gets the captive portal. If the user goes to an https page, he gets an error but he can continue.
The user fills in the info and requests access.
IT gets the email and they give them access, and it gets redirected to the controller, and sometimes they get a public certificate error, especially on MACs, again, and you have to click again to continue. This confuses the end users and they don't know what to do.
Why is this happening, or how can I prevent this from happening?
Does anyone have any idea what could be wrong in my config or the way I did it?
Cheers
Carlos