Wireless Access

I have a pair of 3400 controllers in a cluster:

Model:	Aruba3400-US
Version:	6.4.2.15

I created a CSR on a different machine and obtained a known CA signed cert for these boxes.  I took that cert file in PEM format and appended the intermediate & CA certs and the key to the file, then uploaded it to both boxes.  I also uploaded the intermediate as 'intermediate' and the CA as 'TrustedCA'.  Then I went to Management > General > 'Captive Portal Certificate' and selected this cert on both boxes.  For some reason, when I log in via captive portal, the controller is still using the 'securelogin.arubanetworks.com' cert.

 

Am I missing something?

 

Thanks for any help!

Note - I get redirected to the URL that is in the cert, but that page is presenting the securelogin.aruba.networks.com cert still.

Did you changed the Captive Portal Certificate to point to the new one you uploaded under Management > General ?
If you are using ClearPass you also need to update it with the new name under NAS settings

Yes.  I did that.  I'm not using clear pass.  My captive portal is hosted on the controller.

I think you should open a TAC case...

I went back and forth with TAC yesterday.  The last thing they told me was that my known-CA signed cert should have my controller's hostname in it and not securelogin.arubanetworks.com, so I should re-issue it.  The cert does have all of the correct into in it though.

 

The issue is that even though the cert is loaded and selected to be used for the captive portal, the DEFAULT cert is still being presented on the CP page.

 

Does anyone know of any common things that might be causing this?  I've audited my config against a controller where it is working and it's the same - except the controller where it is working is a standalone and this is a cluster.

 

*Note - TAC said that I had done everything right as far as uploading the certificate and choosing it to be used for captive portal.  Also, I verified in the CLI that the GUI config matches.

 

Do I possibly need to just apply everything and then reboot for this to take?  Maybe the web server service isn't restarting even though the GUI says it is?  Should I manually restart httpd?

 

Thanks for any help!

Also - if I choose my internally signed cert that I also use on the web admin UI, it seems to stick.

 

Is there an order that my cert and key should be placed into the cert file?

process restart httpd

 

Boom - correct cert is presented and everything works.

Having the same issue. Doing a 'process restart httpd' did not work.

 

Running 6.4.4.16. Captive portal is configured on the controllers. Cert is uploaded and selected in General tab.

 

User associates to CP SSID and gets redirected to a URL beginning with https://securelogin.arubanetworks.com/upload/custom/<cp-profilename>/login.html?....etc. Most browsers grouse about the invalid cert but if you click through that you get the desired CP page but the URL should start with login.wireless.umass.edu not securelogin.arubanetworks.com.

 

In Management>General tab the correct cert is selected for Captive Portal Certificate. Tried using http only (not https) and I get the IP address in place of securelogin.arubanetworks.com but that is unsecure. When I restored https it goes back to securelogin.arubanetworks.com.

What do you see when you run "show datapath fqdn" on the controller?

So as part of further testing I tried the following and so far it seems to have worked:

 

Select the "default" cert under Captive Portal in Management>General tab and Apply. Afer the web server restarts (re)select the cert that you wish to use (should have been be seeing) and Apply. This has worked for me on the one controller I did this to. Tomorrow I will try doing the same with the remaining controllers.

 

Mike