The CN on HTTPS certificates is no longer relevant; only SANs count. And for guest flows, the controller, ClearPass and possibly other servers that need to be reached during the login will each require a different FQDN, and each server should have a certificate that is valid for its FQDN. That can be through separate certificates (which each have a single SAN), or one or more certificates that have multiple SANs, a wildcard (SAN contains a *), or any combination, as long as you meet the requirement that the certificate for the server has a SAN that matches its FQDN, to prevent certificate warnings.
You may check this video, then the controller-initiated guest workflow, for a possibly better understanding of how certificates work in a guest scenario. Because in my experience some people may find certificates hard to understand, it may be good to ask your Aruba partner for assistance.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
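The SAN-only rule from the reply above, as an added example that is not part of the original thread and is not Aruba code: it checks, for every server a guest client is redirected to, whether the installed certificate has a SAN covering that server's FQDN, and it ignores the CN. All hostnames, the `SERVERS` inventory and the function names are constructed placeholders.

```python
# Added example: SAN-only hostname check for the servers in a guest flow.
# Every hostname and SAN list below is a constructed placeholder.

def san_matches(san: str, fqdn: str) -> bool:
    """True if one dNSName SAN entry covers fqdn.

    A wildcard is honoured only as the whole leftmost label and stands for
    exactly one label: *.guest.example.com covers portal.guest.example.com
    but neither guest.example.com nor a.b.guest.example.com.
    """
    s = san.lower().rstrip(".").split(".")
    f = fqdn.lower().rstrip(".").split(".")
    if len(s) != len(f) or "" in f:
        return False
    if s[0] == "*":
        # Assumption (conservative): require two labels after the wildcard,
        # so an entry such as *.com is never accepted.
        return len(s) >= 3 and s[1:] == f[1:]
    return s == f


def audit(servers: dict) -> dict:
    """Map each server FQDN to the SAN entries that cover it (CN is ignored)."""
    return {
        fqdn: [san for san in cert["sans"] if san_matches(san, fqdn)]
        for fqdn, cert in servers.items()
    }


# Constructed inventory: FQDN the guest browser connects to -> certificate there.
SERVERS = {
    "controller.guest.example.com": {
        "cn": "controller.guest.example.com",
        "sans": ["controller.guest.example.com"]},
    # The controller's single-SAN certificate copied onto the ClearPass server.
    "clearpass.guest.example.com": {
        "cn": "controller.guest.example.com",
        "sans": ["controller.guest.example.com"]},
    # CN equals the FQDN but there is no SAN: still a warning.
    "legacy.guest.example.com": {"cn": "legacy.guest.example.com", "sans": []},
    # Wildcard SAN covering one label below guest.example.com.
    "portal.guest.example.com": {
        "cn": "guest portal", "sans": ["*.guest.example.com", "example.com"]},
}

if __name__ == "__main__":
    for fqdn, hits in audit(SERVERS).items():
        status = "OK: " + ", ".join(hits) if hits else "WARNING: no SAN matches"
        print(f"{fqdn:32} {status}")
```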
Original Message:
Sent: Apr 25, 2023 07:37 AM
From: athan
Subject: Guest Portal Clear Pass - Certificates
Hello
Regarding the Cisco Clear Pass with WLC, I have some reservations.
I am trying to comprehend the Clear Pass self sign guest portal process.
There is a redirection to Clear Pass when the guest user connects to the guest SSID, for instance:
Registered page: registrers
And what happens next, when the user fills it out and the page redirects them to the controller WLC? Is it not?
I have some skepticism.
Login
IP network: wellcome.com
The function of this is to communicate with the controller?
In my case my customer doesn't have a wildcard certificate and I have a mess.
The controller has the certificate CN wellcome.com (public certificate)
And the Clear Pass has the same HTTPS certificate, CN: wellcome.com. Is it correct?
I am confused; I don't know what CN or SAN the HTTPS Clear Pass must have for the guest to trust the Clear Pass. I believe now I am going in a loop.
What is the proper CN/SAN the Clear Pass must have to generate a public certificate for Clear Pass?
The controller must have the page
Register portal