Link to home
Start Free TrialLog in
Avatar of Pkafkas
Pkafkas

asked on

How to associate a Domain Name with a hardware Devie's IP address?

Digital Certificates have been a mystery to me.  I am starting to understand them better with more exposure to them; but....

 I want to understand how I can associate w Domain name for my work's Wireless Controller (Wlan.Company.com) with the new Wireless controller?  Right now my manager uploaded something to the Wireless controller so I can type https://City.Wlan.company.com and arrive to the Wireless controller's administrator web page.

The same wireless controller provides a captive portal for Guest WiFi.  The Guest WiFi web portal currently shows https://Controller_IP_Address/cgi...welcome?  I would like to have the Domain_Name = Wlan/Company.com    show up in the web address instead of the Controller's IP address.

How can we make this happen?  I think we have a digital certificate; but, I think it is something that we created at the company.
Avatar of Antzs
Antzs
Flag of Malaysia image

You will need to add an entry to your DNS Server, to associate the domain name to an IP Address.  The DNS Server can either be hosted internally or externally.

If you have access to the Wireless controller, you can look at the configuration there and see what is configured in the DNS section.  That will be your DNS servers.
Avatar of Pkafkas
Pkafkas

ASKER

I was told by the wireless controller vendor that we will need to get a SSL Certificate from a Certificate Authority.  The captive portal is for guest access and is not using IP addresses on our company network.

There must be another way.
To associate the domain name to the IP address you dont need a certificate.  The certificate is needed for your captive portal so that when guests' connects to your wifi and get the Guest WiFi web portal they will not get the prompt saying that your website is unsecured or your website certificate is untrusted.
Avatar of Pkafkas

ASKER

What if the domain name such as City.wlan.Company.com will not be on an IP address in our company network?  

The Wireless Controller will serve as a DHCP router to the guest wireless clients and those IP addresses distributes to client devise  (private IP's) are blocked from connecting to the corporate network?  

In the past when I needed to assign a domain name to a public web site such as a Citrix Remote Access or Email Domain for Exchange I used a public IP address from our Internet Service Provider and made the appropriate firewall rules.  I would also use an SSL Certificate from a C.A. to assign to that Domain Name.

Now, I am trying to associate a Domain Name to an IP address (wireless controller) that is on our company network that will distribute Private IP addresses to clients in an internet only VLan.

The instructions state (page287)
"The Aruba managed device is designed to provide secure services through the use of digital certificates. The
server certificate is installed on the managed device through the Mobility Master. A server certificate installed in
the managed device verifies the authenticity of the managed devices for captive portal."
Server-Certificate.docx
Avatar of Pkafkas

ASKER

It appears that we do have a digital certificate from Thawte regarding wlan.company.com
It is currently being use don our production wireless controller.

Does that mean that we cannot use the same certificate on the new controller?  Or must we generate a C.S.R. wit the new Wireless controller?
Best to start by defining what "Wireless controller" might mean. Maybe you mean a WiFi router or repeater or hub.

And the way you do this is, as mentioned above.

1) You'll create a DNS entry so your device can be referenced by name + resolved to an IP.

2) Create either a simple cert to cover the one host name for this device (like wifi-do-dad.foo.com) or create a Wildcard cert to cover all hosts on the foo.com domain.

Tip: https://LetsEncrypt.org has provided free SSL certs for many years now. I use their certs for 1000s of sites (hosts, domains, simple certs, wildcard certs).
Avatar of Pkafkas

ASKER

The "Wireless Controller" is the brains that hold all of the configuration of the Wireless Network at each Company Site.  The Access Points connected on the same WiFI VLan look to the Local "Wireless Controller" for the required configuration and network routing.

The Access Points essentially authenticate the Wireless device and tunnel the connection to the Controller for network routing.  The Local Wireless Controller also distributes Private DHCP Addresses to the Guest Clients.  These Private IP addresses are not found anywhere on the corporate network and are blocked from getting access to the corporate network.

Since our current production wifi controller has a thawte certificate representing wlan.company.com and that is what guest clients see when they see the guest captive portal page, we will need to create a new digital certificate for the wlan.comany.com for our new Wireless Controllers.  BEcause right now the New Wirless Guest Captive Portal is showing https://IP_of_Controller/cgi-bin/Login?...  I would prefer the captive portal not to show the IP address of the new controller.

It sounds as if we just need to create a new SSL Certificate, from somewhere and what does that involve?  Will we need to generate a C.S.R.  I am not familiar with the process?  If we do this will the production controller's certificate become un-usable even though the expiration date has not been reached?  

How do we create a simple certificate for this process?

What will that mean to the certificate that is being used on the production device?
ASKER CERTIFIED SOLUTION
Avatar of Antzs
Antzs
Flag of Malaysia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial