Wireless Access

Question regarding this:

There wont be any firmware upgrade that fix this automatically?

 

or you do have to generate and install the selft server certificate? or use a public certificate authority?

 

If you want to use a self server certificate on instants aps is there a way to do this?

 

Cheers

Carlos

 

 

No there will not. Default certificates will no longer be provided. You
should acquire a public certificate for use with Captive Portal.



A FAQ article will be posted very soon.

For instant aps the only way to go is with teh public cetificate??

For all platforms that included a default certificate (controller, IAP,
MAS), yes.

Tim i was askign you that because on the controller you can generate and install a selft server certificate.. but im not sure if you can do that with instant.. neither with the MAS

Self-signed certificates will throw a browser error during captive portal
authentication. A publicly signed certificate would be required to prevent
the browser error.

Tim im already aware of that

Is there an option of Selft server certificate on instant?

 

Cheers

Carlos

You would need to generate the self-signed cert with something like openssl
and then upload it.

Got it Tim Thank you

It just that there are some clients which didnt want to buy a certificate and didnt care about the warning for their  guest users or for the administration of the device...

I need a work around while they can purshase this public certificate... and this is something that can work.   We will remind them again this is the way to go.  

 

Cheers

Carlos

Hi cappalli!

I just checked release notes for 6.4.4.8-4.2.4.3 and it looks that the default certificate for securelogin.arubanetworks.com was replaced.

 

Bug ID 148693 

Symptom: The browser kept displaying a warning or an error claiming the securelogin.arubanetworks.com certificate had been revoked, causing disruption to the captive portal work flow of the IAP. As a fix to this issue, the securelogin.arubanetworks.com certificate has been replaced by a different certificate for which the browser may only have warnings and not errors. However, the best practice is for customers to upload their own publically signed certificate instead of relying on the default securelogin.arubanetworks.com certificate.

Scenario: This issue impacted all scenarios where captive portal is used and was observed in all IAPs running a software version prior to Instant 6.4.4.8-4.2.4.3.

For a small customer, they do not have a CA readily available to create a self-signed certificate.  There are internet blogs on how to create self-signed certificates on IIS 7 and Apache but it would reduce the angst in the field if we had a simple recipe card on how to bake the "self-signed certificate" cake.

While Public Wildcard Certificate is being looked at, is Use HTTP for authentication in

Captive Portal Authentication Profile > cp-profile-guest

a option to prevent captive portal login issue for the short term ?