Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

securelogin certificate

This thread has been viewed 25 times

  • 1.  securelogin certificate

    Posted May 18, 2020 06:26 PM

    Hopefully this is the right place to post.

    for the time of me i am unable to locate securelogin(captive portal) is located so i can upload a new certificate.

     

    we are running clearpass and Aruba central and i have gone through both and still cant find it anyone able to help 

     

    thanks



  • 2.  RE: securelogin certificate

    EMPLOYEE
    Posted May 19, 2020 02:19 AM

    Hi,

     

    On Central, you can upload the new certificate under Organization --> Certificates

     

    ayman_mukaddam_0-1589868607485.png

    Then under your Group Config, you select this certificate for captive portal.

    ayman_mukaddam_1-1589868742612.png

     

    On ClearPass Guest Page, you change the IP address to match your certificate common name. If your certificate is a wildcard certificate, then you use the name captiveportal-login.example.com assuming you have a wild card certificate for *.example.com

     

    ayman_mukaddam_2-1589868948608.png

     

     

     



  • 3.  RE: securelogin certificate

    Posted May 19, 2020 02:30 AM

    thanks for your reply.

    but i have gone through that and i can confirm all i can see is default certificate.

     

    URL for captive portal is different to what in clearpass guest reg page.

     

    are there any other locations the certs will be uploaded?



  • 4.  RE: securelogin certificate

    EMPLOYEE
    Posted May 19, 2020 02:50 AM

    Hi,

     

    Can you please explain in details where are you facing the issue?

    From high level steps,

    1) User connects to WiFi and is placed in initial role, gets redirected to ClearPass Guest Portal. Here they get the certificate from ClearPass.

     

    Are you reaching this step? If not, did you select External Captive portal profile and select your right profile?

     

    ayman_mukaddam_2-1589870866282.png

     

     

    2) Users completes the registration and presses login. ClearPass will instruct the client where to post back. This is the IP address/FQDN specified on ClearPass under the guest login page.

     

    3) Client's device will postback to this URL (which is for the certificate hosted on the IAP / controller)

     

    4) After that NAS will send a Radius Request to ClearPass to complete the authentication

     

    ayman_mukaddam_1-1589870675106.png

     

    Where is it failing?