Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Wildcard cert

This thread has been viewed 17 times

  • 1.  Wildcard cert

    Posted Dec 13, 2016 01:05 PM

    Hi all,

     

    We are changing Captive Portal certificat on our IAP clusters from Aruba default one to a wildcard one. After loading new cert onto a cluster we will have to change a field on ClearPass displaying new hostname (CA used to create certificate).

     

    Two questions: a) where on ClerPass should we change hostname, and b) as we are using wildcard cert can we change it just into "*.domain.co.uk"?

     

    Thanks,

    AlanFord



  • 2.  RE: Wildcard cert

    EMPLOYEE
    Posted Dec 13, 2016 01:20 PM
    Did you take a look at this:

    https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default
    -Certificate-Revocation-FAQ-Instant/ta-p/275814


  • 3.  RE: Wildcard cert

    EMPLOYEE
    Posted Dec 13, 2016 01:42 PM
    @AlanFord wrote:

    Hi all,

     

    We are changing Captive Portal certificat on our IAP clusters from Aruba default one to a wildcard one. After loading new cert onto a cluster we will have to change a field on ClearPass displaying new hostname (CA used to create certificate).

     

    Two questions: a) where on ClerPass should we change hostname, and b) as we are using wildcard cert can we change it just into "*.domain.co.uk"?

     

    Thanks,

    AlanFord

    Two things:

     

    Wildcard certificates for captive portal are supported on InstantOS 4.3.0.0 and beyond, not before.

    The article here:  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-to-configure-ClearPass-Guest-Amigopod-web-login-when-using/ta-p/176438 describes what you would change in ClearPass.  I know it says controller-based, but the ClearPass mechanism is the same.



  • 4.  RE: Wildcard cert

    Posted Dec 14, 2016 05:06 AM

    Thanks Colin,

     

    Great link. We are running on InstantOS 6.1, so that should be OK.

     

     

    Regards,

    AlanFord