Wireless Access

Reply
New Contributor

Wildcard Cert for Captive Portal

We recently renewed our Wildcard cert and I went ahead and uploaded it to our Virtual Controller for use of the guest registration through the captive portal. 

 

However, after the Guest logs in the redirect to https://captiveportal-login.DOMAIN.com throws an error:

NET::ERR_CERT_AUTHORITY_INVALID

 

When I open up the certificate that's presented, it shows only the certificate and nothing for the certificate path. I'm fairly certain this was an issue since this was built, and don't think it has anything really to do with the new cert (but just wanted it to be known). 

 

I took the PFX that we received and converted it to a PEM using OPENSSL. The uploads to the ClearPass server of the certificate and key separately went in no problem and I can see the whole path. I uploaded the wildcard cert under the Captive Portal Server in the virtual controller along with the CA server and root under "CA." 

 

Everything looks alright, but I'm not sure why it's not presenting the path. 

Highlighted
MVP Guru

Re: Wildcard Cert for Captive Portal

I think you missed the intermediate chaining for the certificate that you uploaded to the Aruba Instant. ClearPass does automatic chaining if the intermediates are present, for Instant you need to manually/explicit chain the certificate.

 

Check this ASE solution for the OpenSSL commands and chaining procedure.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
New Contributor

Re: Wildcard Cert for Captive Portal

Thank you that helped!

 

I ended up going and exporting both the intermediate and root CA from the cert individually to .CER files in Windows. 

 

Then using OPENSSL I converted them to PEM
openssl x509 -inform der -in intermediateca.cer -out intermediateca.pem

 

I was able to then open in notepad and copy all the information into my original file with the key and certificate. Everything uploaded fine and I don't get any more warnings. 

 

Thanks again!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: