Link to home
Start Free TrialLog in
Avatar of Tatankasa
Tatankasa

asked on

HP MSM720 Controller - Issue using 3rd party wildcard certificate for HTML Authentication

Hey there!  I'm hoping there someone out there who knows the HP MSM720 Controller for their MSM series Wireless Access Points.

One of the things we do with these products is host a 'Guest WiFi' network.  It's configured as a separately advertised wireless network (VSC) and using local authentication through the product's 'HTML Authentication' feature, which just basically means it's an open network, but all clients that connect are redirected to a login web page to authenticate.

So, the device comes with basically a self-signed ssl certificate, named 'wireless.hp.internal'.  I installed our 3rd party wildcard ssl certificate to use instead, and it's named to the effect of '*.<domain>.ca'.  Once I set HTML authentication to use the wildcard certificate, the html authentication page broke, 'page cannot be displayed'.  Turns out, on closer inspection, it seems that it's trying to re-direct the client's web browser to a web page addressed '*.<domain>.ca'.....seemed odd, so I reverted to the internal certificate, and the page started working again, but it is redirecting clients to 'wireless.hp.internal'......and it works....weird....

So anyways, it seems to me that it's likely the '*' that is the issue, I'm sure it's some sort of DNS redirect at play so it shouldn't matter what the name of the certificate is, but that special character is likely borking it up....

Ideally I'm hoping someone has dealt with this exact circumstance before and knows what I should be doing different....otherwise, maybe someone can advise if there is a configuration option in the MSM720 to change the page name to something different than the certificate name?  Or maybe I can rename my certificate somehow?  Thanks for any help!!
ASKER CERTIFIED SOLUTION
Avatar of Craig Beck
Craig Beck
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Tatankasa
Tatankasa

ASKER

OK, thanks for the detailed response!  I was hoping for something in the form of maybe reconfiguring the MSM controller to use something manually specified as the URL, but if as you say, it's bad form to have the wildcard in the CN, I would be better off pursuing that.  Thanks!!