MVP

Re: HELP!!! Certificate error after clearpass guest captive portal because of HSTS error

free = use HTTP instead of HTTPS


Koen (ACMX #351 | ACDX #547 | ACCP)

Moderator

Re: HELP!!! Certificate error after clearpass guest captive portal because of HSTS error

Which is an awful idea…


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |


Re: HELP!!! Certificate error after clearpass guest captive portal because of HSTS error

But the Palo Alto firewall, I think, is forcing the user to use HSTS. I think I forgot to mention that.

MVP Guru

Re: HELP!!! Certificate error after clearpass guest captive portal because of HSTS error

If you are really seeing HSTS messages, it is likely that this is not because of the captive-portal certificate, but because the initial redirect is done on HTTPS traffic to a site that uses HSTS.

 

Unfortunately, installing a trusted certificate on ClearPass and the controller/Instant does not solve that; it is how HSTS is designed. You can only 'fix' the HSTS error by not making the redirect happen for HTTPS traffic.

 

Check this post http://community.arubanetworks.com/t5/Technology-Blog/Captive-Portal-why-do-I-get-those-certificate-warnings/ba-p/268921 for a more in-depth explanation and possible workarounds.

 

Regardless of the redirect, you will need a certificate on both ClearPass (or external captive portal server) and on the controller/IAP in order to prevent certificate warnings during the captive portal authentication.

 

If you want to go the 'free' way for certificates, you can check out Let's Encrypt (https://letsencrypt.org/), which has some inconvenience if your systems are not exposed to the internet (which is mostly the case for controllers/ClearPass), combined with the fact that the certificates are only valid for 90 days. I would personally spend those few dollars and get a certificate from a commercial CA; you can get a 3-year cert for $15, and you need two of them (ClearPass + Controller/IAP). Can't look in your wallet, but the time you spend on renewing every 90 days is probably more expensive than just purchasing a commercial cert.

 

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
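
The behaviour described in the answer above, as an added example that is not part of the original thread: a small Python model of how a browser treats a guest's first request when the captive portal intercepts it. The host names, function names and outcome labels are constructed for illustration; wildcard certificates and policy expiry are left out.

```python
from urllib.parse import urlsplit

def parse_hsts(header):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            max_age = int(value.strip().strip('"'))
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, include_sub

class HstsStore:
    """Hosts the browser already knows as HSTS (earlier visits or a preload list)."""
    def __init__(self):
        self.policies = {}  # host -> include_subdomains flag

    def note(self, host, header):
        max_age, include_sub = parse_hsts(header)
        if max_age == 0:
            self.policies.pop(host.lower(), None)  # max-age=0 removes the policy
        else:
            self.policies[host.lower()] = include_sub

    def is_hsts(self, host):
        labels = host.lower().split(".")
        if ".".join(labels) in self.policies:
            return True
        # A parent domain's policy applies only if it set includeSubDomains.
        return any(self.policies.get(".".join(labels[i:])) for i in range(1, len(labels)))

def first_request_outcome(url, store, portal_cert_name):
    """Classify what an unauthenticated guest sees when the portal intercepts url."""
    parts = urlsplit(url)
    host, hsts = parts.hostname, store.is_hsts(parts.hostname)
    if parts.scheme == "http" and not hsts:
        return "redirected-to-portal"  # plain HTTP: the redirect works
    # TLS is intercepted: the portal's certificate names the portal, not the site.
    if host == portal_cert_name.lower():
        return "portal-page-loads"
    return "hsts-error-no-bypass" if hsts else "certificate-warning-bypassable"

if __name__ == "__main__":  # constructed sample hosts
    s = HstsStore()
    s.note("bank.example", "max-age=31536000; includeSubDomains")
    print(first_request_outcome("http://www.bank.example/", s, "portal.guest.example"))
```

A trusted certificate only changes the result for requests addressed to the portal's own name; for any other host the certificate name cannot match, and a known HSTS host turns that mismatch into an error the user cannot click through.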

Frequent Contributor I

Re: HELP!!! Certificate error after clearpass guest captive portal because of HSTS error

Hi @all

Is there a solution for IAP and Aruba Central?
I cannot adjust the rule there, but I have the same problem with guest access (redirect).

Moderator

Re: HELP!!! Certificate error after clearpass guest captive portal because of HSTS error

Please create a new thread with details about your specific issue. This one is almost a year old.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |
