Header Only - DO NOT REMOVE - Extreme Networks

NO Guest Portal authentication mode when creating a new guest portal and other problems...(certificate)


Hi, 1) We have a new Enterasys installation, version "Software: 08.31.03.0011". I try to make a new GuestPortal and I follow the user guide and video "How to configure wireless guest splash for the enterasys wireless solution" and at a certain point (if you follow the wizard), you have to choose for AUTHENTICATION MODE = GUEST PORTAL (that's what the video and the user guide say). Now the problem is that I can't make that choice, I only have "Internal captive portal" and "external captive portal". Why is that ? 2) The current VERY BASIC configuration was done by an engineer but there are some problems with it. There is a guest portal (which we want to change!) and when we connect to it, we get a certificate warning. Isn't it possible to configure the guest portal without HTTPS ? I checked the certificates and there are no certificates configured so I tried to configure one in Enterasys > WIRELESS CONTROLLER > NETWORK > CERTIFICATES and I can make one and save it but when I import it in Enterasys I get an error: Failed to save configuration: Installing the X.509 Certificate operation has failed for topology "Portal Topology". Please check the certificate file integrity. I don't know why I get this error but I don't want that guests get a security warning when they make access. So how can I resolve this problem ? thank you.

7 replies

I solved the authentication mode by deleting the portal and making a new one. Apparently you can make only 1. But the second problem is still active. I don't want a warning message when connecting to the portal. When I import the created certificate file, I get an error: Failed to save configuration: Installing the X.509 Certificate operation has failed for topology "Portal Topology". Please check the certificate file integrity. It seems to me that all fields are entered correctly so I don't know what the problem is. Can anybody help please ? thanks.
Well, I don't think there is a way to turn off https. You wouldn't want to anyways because your authentication wouldn't be as secure. The proper way to get around the cert warning is to gen up a cert and have it signed by a trusted well known CA. You might want to call GTAC for assistance.
So if I could make a selfmade certificate by the controller, i still will always have that error message ? The guest portal is only an internal site in our configuration and not accessible via a public ip address. And is there a reason why I can't import the created certificate ? thanks.
If your using the "generate signing request" button on the controller, your only creating a signing request and not a certificate. You can then use that CSR to create a certificate. You could create a self signed cert which would still give you the error message in the browser, or you could have a cert generated by a trusted well known CA.
thanks for the info, it really helped! I made the request and used it to make a certificate in getacert.com. I could implement it on the controller, will test it monday and if it works, I owe you a beer! Have a nice weekend.
Best practice .. create a DNS record for wireless.verus.com (or whatever your domain is) and point it to your wireless controller. Request an SSL cert from someone like GoDaddy. Here's an Enterasys KB article about it. It is kind of old but still applicable. https://cp-enterasys.kb.net/article.aspx?article=13106&p=1
thanks, I can do that. We currently have a certificate with a wildcard but it is rejected by the controller. No idea why... It would be ideal if we could use that one of course.

Reply