How to associate a Domain Name with a hardware Device's IP address?

Digital Certificates have been a mystery to me.  I am starting to understand them better with more exposure to them; but....

I want to understand how I can associate a Domain name for my work's Wireless Controller (Wlan.Company.com) with the new Wireless controller?  Right now my manager uploaded something to the Wireless controller so I can type https://City.Wlan.company.com and arrive at the Wireless controller's administrator web page.

The same wireless controller provides a captive portal for Guest WiFi.  The Guest WiFi web portal currently shows https://Controller_IP_Address/cgi...welcome?  I would like to have the Domain_Name = Wlan.Company.com show up in the web address instead of the Controller's IP address.

How can we make this happen?  I think we have a digital certificate; but, I think it is something that we created at the company.
Pkafkas (Network Engineer) asked:

Antzs (Infrastructure Services) commented:
You will need to add an entry to your DNS Server, to associate the domain name to an IP Address.  The DNS Server can either be hosted internally or externally.

If you have access to the Wireless controller, you can look at the configuration there and see what is configured in the DNS section.  That will be your DNS servers.
Pkafkas (Network Engineer, author) commented:
I was told by the wireless controller vendor that we will need to get an SSL Certificate from a Certificate Authority.  The captive portal is for guest access and is not using IP addresses on our company network.

There must be another way.
Antzs (Infrastructure Services) commented:
To associate the domain name to the IP address you don't need a certificate.  The certificate is needed for your captive portal so that when guests connect to your wifi and get the Guest WiFi web portal they will not get the prompt saying that your website is unsecured or your website certificate is untrusted.
Pkafkas (Network Engineer, author) commented:
What if the domain name such as City.wlan.Company.com will not be on an IP address in our company network?  

The Wireless Controller will serve as a DHCP router to the guest wireless clients and those IP addresses distributed to client devices (private IP's) are blocked from connecting to the corporate network?  

In the past when I needed to assign a domain name to a public web site such as a Citrix Remote Access or Email Domain for Exchange I used a public IP address from our Internet Service Provider and made the appropriate firewall rules.  I would also use an SSL Certificate from a C.A. to assign to that Domain Name.

Now, I am trying to associate a Domain Name to an IP address (wireless controller) that is on our company network that will distribute Private IP addresses to clients in an internet only VLan.

The instructions state (page 287):
"The Aruba managed device is designed to provide secure services through the use of digital certificates. The server certificate is installed on the managed device through the Mobility Master. A server certificate installed in the managed device verifies the authenticity of the managed devices for captive portal."
Pkafkas (Network Engineer, author) commented:
It appears that we do have a digital certificate from Thawte regarding wlan.company.com
It is currently being used on our production wireless controller.

Does that mean that we cannot use the same certificate on the new controller?  Or must we generate a C.S.R. with the new Wireless controller?
David Favor (Linux/LXD/WordPress/Hosting Savant) commented:
Best to start by defining what "Wireless controller" might mean. Maybe you mean a WiFi router or repeater or hub.

And the way you do this is, as mentioned above.

1) You'll create a DNS entry so your device can be referenced by name + resolved to an IP.

2) Create either a simple cert to cover the one host name for this device (like wifi-do-dad.foo.com) or create a Wildcard cert to cover all hosts on the foo.com domain.

Tip: https://LetsEncrypt.org has provided free SSL certs for many years now. I use their certs for 1000s of sites (hosts, domains, simple certs, wildcard certs).
Pkafkas (Network Engineer, author) commented:
The "Wireless Controller" is the brains that hold all of the configuration of the Wireless Network at each Company Site.  The Access Points connected on the same WiFi VLan look to the Local "Wireless Controller" for the required configuration and network routing.

The Access Points essentially authenticate the Wireless device and tunnel the connection to the Controller for network routing.  The Local Wireless Controller also distributes Private DHCP Addresses to the Guest Clients.  These Private IP addresses are not found anywhere on the corporate network and are blocked from getting access to the corporate network.

Since our current production wifi controller has a Thawte certificate representing wlan.company.com and that is what guest clients see when they see the guest captive portal page, we will need to create a new digital certificate for the wlan.company.com for our new Wireless Controllers.  Because right now the New Wireless Guest Captive Portal is showing https://IP_of_Controller/cgi-bin/Login?...  I would prefer the captive portal not to show the IP address of the new controller.

It sounds as if we just need to create a new SSL Certificate, from somewhere and what does that involve?  Will we need to generate a C.S.R.  I am not familiar with the process?  If we do this will the production controller's certificate become un-usable even though the expiration date has not been reached?  

How do we create a simple certificate for this process?

What will that mean to the certificate that is being used on the production device?
Antzs (Infrastructure Services) commented:
You will need to purchase a new certificate from Thawte (or any other Certificate Authority) and install it on your New Controller.  Before you can get the certificate, you will need to log in to your New Controller and generate a CSR to be provided to the CA for them to issue you a certificate.  

There should be an option in your Wireless Controller to generate the CSR.  I am using a FortiGate Wireless Controller and the CSR generation looks like the below.
The new certificate will not in any way impact your current certificate.  The certificates are all independent of each other.  So it will not affect the current production certificate.
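
Added example, not part of the thread above: a sketch of the name check a guest's browser applies to the portal URL, showing why a certificate issued for wlan.company.com does not cover https://IP_of_Controller/... or City.wlan.company.com, whatever the DNS record says. The matcher is a simplified single-label wildcard rule, and the address 192.0.2.10 and the SAN lists are constructed sample values.

```python
import ipaddress

def _is_ip(host):
    """True when the URL host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def name_matches(pattern, host):
    """Compare one dNSName SAN with a host name, label by label.
    A '*' is honoured only as the whole left-most label and covers
    exactly one label, so *.wlan.company.com does not cover
    wlan.company.com itself."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not h[0]:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(url_host, dns_sans, ip_sans=()):
    """Would a certificate with these SANs be accepted for url_host?
    An IP literal in the URL is compared only with iPAddress SANs,
    never with DNS names, so DNS records alone cannot fix it."""
    if _is_ip(url_host):
        target = ipaddress.ip_address(url_host)
        return any(ipaddress.ip_address(i) == target for i in ip_sans)
    return any(name_matches(s, url_host) for s in dns_sans)

def portal_report(dns_sans, ip_sans=()):
    """Check the three ways the controller is reached in this thread."""
    hosts = ["wlan.company.com", "City.wlan.company.com", "192.0.2.10"]
    return {h: cert_covers(h, dns_sans, ip_sans) for h in hosts}

if __name__ == "__main__":
    # Constructed SAN lists: a single-name cert and a wildcard cert.
    for sans in (["wlan.company.com"], ["*.wlan.company.com"]):
        print(sans, portal_report(sans))
```

The portal has to redirect guests to the certificate's host name, and that name has to resolve to the controller from the guest VLAN, before the browser accepts the certificate.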
