Wireless Access

 View Only

  • 1.  Wildcard certificate on MSM causes asterisk in DNS redirect

    Posted Jan 17, 2013 03:56 PM

    Everything I read indicates that wildcard certificates (*.domain.com) are not supported on the MSM.  Is this still the case?  Is there a workaround for this problem?

     

    When a user connected to an Access Controlled VSC opens a web browser, (when using a wildcard certificate) they are re-directed to http://*.domain.com:8080/index.asp   (where domain.com is our domain).  If you manually type the interface IP address of the controller in place of *.domain.com, then the correct authentication page loads.

     

    The same is true once a user is authenticated.  Normally a session pop-up is supposed to appear.  However, the URL is wrong (contains the asterisk instead of the host name of the controller).  Han anyone run into this before?  Any help is much appreciated.

     

    I am going to check DNS as well, but I figure the controller (since it is intercepting DNS) would be able to make it's own URL with a wildcard certificate.  Please let me know if there is a workaround for this.  Any help is greatly appreciated.

     

    Thank you!,

     

    --John


    #certificate


  • 2.  RE: Wildcard certificate on MSM causes asterisk in DNS redirect

    Posted Jan 17, 2013 05:06 PM

    As far as I know this is not supported. I recommend my customers to use e.g. http://www.startcom.org/ to generate a free official certificate for the controller guest portal (1 free cert per domain I believe)

    Remember to include the CRL URL of the certificate in the unauthenticated user ACL on the controller, so new guest systems are able to verify and resolved the CRL of the certificate, otherwise the browser can take a long time before it shows the secure login page (trying to check the CRL, but it fails since blocked by the controller)

     

    best regards,Peter



  • 3.  RE: Wildcard certificate on MSM causes asterisk in DNS redirect

    Posted Feb 05, 2013 02:32 PM
    Thank you Peter. I think that is my best option for now. Hopefully HP will release some new code in the future that allows us to use our wildcard domain certificate.


  • 4.  RE: Wildcard certificate on MSM causes asterisk in DNS redirect

    Posted Jun 20, 2014 03:08 AM

    I have been using wildcard certs on the web management interface since back to at least 5.3.6 software. It works flawlessly. Installed from a PFX file and using a split DNS namespace.



  • 5.  RE: Wildcard certificate on MSM causes asterisk in DNS redirect

    Posted May 28, 2014 11:15 AM

    That is NOT SOLVED. The provided solution is just a workaround.

    This is a SERIOUS bug of the MSM760 software. The redirect hostname should be configurable, not hardcoded in the SSL certificate, since a valid (and paid) wildcard certificate should be fine.



  • 6.  RE: Wildcard certificate on MSM causes asterisk in DNS redirect

    Posted Jun 11, 2017 10:56 PM

    This is also affecting us. Redirect hostname should be configurable!



Related Content