Quick question about how the certificates should be generated for use in a multi-controller + CPPM cluster with external captive portal environment using a controller-initiated workflow. I want to make sure I understand exactly what needs to be used for the CNs, SANs and captive portal URL.
This would be for an Aruba 8 environment with multiple controllers and a CPPM cluster with publisher/subscriber.
VIP #1: Primary subscriber, secondary publisher
VIP #2: Primary publisher, secondary subscriber (for standby publisher)
Certificate 1 (For Controllers) (Publicly signed):
CN=wifi-login.domain.xyz
SAN=wifi-login.domain.xyz
This certificate would be uploaded to each controller to be used as the captive portal profile. This CN would NOT be registered in internal DNS. This needs to be publicly signed as it will be used for the URL redirection. The CN would be used as the NAS Vendor Settings Address/Hostname in the guest registration.
Certificate 2 (For CPPM cluster) (Publicly signed):
CN=wifi.domain.xyz
SAN=wifi.domain.xyz
SAN=cppm-pub.domain.xyz
SAN=cppm-sub.domain.xyz
SAN=cppm-vip-sub.domain.xyz
SAN=cppm-vip-pub.domain.xyz
This certificate would be uploaded in CPPM for RADIUS and HTTPS. The CN would be registered in DNS. This CN would resolve to VIP #1 in DNS.
Controller L3 Captive Portal settings:
URL: wifi.domain.xyz/guest/guest.php
Is this the correct way of doing it? I got some additional clarification today on what to do, but I want to be sure. Thanks!
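
Added example, not part of the original post: a small Python check that the host in the captive portal URL and the NAS hostname are each covered by a SAN entry on the certificate planned for them, using the names listed above. It assumes the portal is served over HTTPS and checks name coverage only, not the overall design; the function names are illustrative.

```python
from urllib.parse import urlsplit

# Planned names copied from the post above.
CONTROLLER_CERT = {"cn": "wifi-login.domain.xyz", "sans": ["wifi-login.domain.xyz"]}
CPPM_CERT = {
    "cn": "wifi.domain.xyz",
    "sans": ["wifi.domain.xyz", "cppm-pub.domain.xyz", "cppm-sub.domain.xyz",
             "cppm-vip-sub.domain.xyz", "cppm-vip-pub.domain.xyz"],
}
PORTAL_URL = "wifi.domain.xyz/guest/guest.php"   # as written in the post, no scheme
NAS_HOSTNAME = "wifi-login.domain.xyz"


def host_of(url):
    """Extract the lower-cased host from a URL that may lack a scheme."""
    if "://" not in url:
        url = "https://" + url          # assumption: portal is served over HTTPS
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def san_matches(pattern, host):
    """Exact match, or a single '*' standing for the whole left-most label."""
    p = pattern.rstrip(".").lower().split(".")
    h = host.rstrip(".").lower().split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def covered(cert, host):
    """Current browsers match the host against SAN dNSName entries, not the CN."""
    return any(san_matches(s, host) for s in cert["sans"])


def check_plan():
    """Return {check name: bool} for the names the post says clients will reach."""
    return {
        "portal URL host vs CPPM cert": covered(CPPM_CERT, host_of(PORTAL_URL)),
        "NAS hostname vs controller cert": covered(CONTROLLER_CERT, NAS_HOSTNAME),
        "CN present in own SAN list": all(
            covered(c, c["cn"]) for c in (CONTROLLER_CERT, CPPM_CERT)),
    }


if __name__ == "__main__":
    for name, ok in check_plan().items():
        print(("OK   " if ok else "MISS ") + name)
```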