Security

Reply
Occasional Contributor I

Strange Captive Portal Behaviour

Hello,

 

I'm seeing some strange behaviour with our Clearpass based captive portal. Even though we are using a current public certificate on the WLC and Clearpass if I connect on my Andriod phone I'm getting an error message "There is a problem with the secuity certificate for this site. The name of the site does not match the name on the certificate".

 

When I click "View" I can see the certificate it's complaining about is the WLC captive portal certificate that has a CN of securelogin.company.com'.

This message pops up before I even try to open a browser or click 'Sign In', essentialy all by itself.

 

Really confused as to why this is happeneing, I did a quick test in our lab and even when I configure the captive portal to via HTTP this still happens. Sort of like there are some background services that try and spin up a HTTPS session and are somehow running into a certificate issue.

 

Thanks in advance

Guru Elite

Re: Strange Captive Portal Behaviour

What is the CN of your captive portal certificate on the controller?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Strange Captive Portal Behaviour

The CN of the controllers certificate is securelogin.<client domain>.

 

When I associate to the SSID with my Andriod mobile, the SSID shows a message 'Checking the quality of your internet conenction' and then that error comes up without me doing anything. Then I get an error 'The name of the site does not match the name on the certificate', when I click view the CN is identical to my captive portal certificate: securelogin.<client domain>.

 

Re: Strange Captive Portal Behaviour

Could it be that you try to redirect HTTPS traffic (port 443)?

Check this article on why it is expected behavior to see certificate warnings in that case.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: