How to associate a Domain Name with a hardware Device's IP address?

Pkafkas
Digital Certificates have been a mystery to me.  I am starting to understand them better with more exposure to them; but....

I want to understand how I can associate a Domain name for my work's Wireless Controller (Wlan.Company.com) with the new Wireless controller?  Right now my manager uploaded something to the Wireless controller so I can type https://City.Wlan.company.com and arrive at the Wireless controller's administrator web page.

The same wireless controller provides a captive portal for Guest WiFi.  The Guest WiFi web portal currently shows https://Controller_IP_Address/cgi...welcome?  I would like to have the Domain_Name = Wlan/Company.com    show up in the web address instead of the Controller's IP address.

How can we make this happen?  I think we have a digital certificate; but, I think it is something that we created at the company.
Antzs, Infrastructure Services

Commented:
You will need to add an entry to your DNS Server, to associate the domain name to an IP Address.  The DNS Server can either be hosted internally or externally.

If you have access to the Wireless controller, you can look at the configuration there and see what is configured in the DNS section.  That will be your DNS servers.
Pkafkas, Network Engineer

Author

Commented:
I was told by the wireless controller vendor that we will need to get a SSL Certificate from a Certificate Authority.  The captive portal is for guest access and is not using IP addresses on our company network.

There must be another way.
Antzs, Infrastructure Services

Commented:
To associate the domain name to the IP address you don't need a certificate.  The certificate is needed for your captive portal so that when guests connect to your wifi and get the Guest WiFi web portal they will not get the prompt saying that your website is unsecured or your website certificate is untrusted.
Pkafkas, Network Engineer

Author

Commented:
What if the domain name such as City.wlan.Company.com will not be on an IP address in our company network?  

The Wireless Controller will serve as a DHCP router to the guest wireless clients and those IP addresses distributed to client devices (private IP's) are blocked from connecting to the corporate network?

In the past when I needed to assign a domain name to a public web site such as a Citrix Remote Access or Email Domain for Exchange I used a public IP address from our Internet Service Provider and made the appropriate firewall rules.  I would also use an SSL Certificate from a C.A. to assign to that Domain Name.

Now, I am trying to associate a Domain Name to an IP address (wireless controller) that is on our company network that will distribute Private IP addresses to clients in an internet only VLan.

The instructions state (page 287)
"The Aruba managed device is designed to provide secure services through the use of digital certificates. The
server certificate is installed on the managed device through the Mobility Master. A server certificate installed in
the managed device verifies the authenticity of the managed devices for captive portal."
Server-Certificate.docx
Pkafkas, Network Engineer

Author

Commented:
It appears that we do have a digital certificate from Thawte regarding wlan.company.com
It is currently being used on our production wireless controller.

Does that mean that we cannot use the same certificate on the new controller?  Or must we generate a C.S.R. with the new Wireless controller?
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Best to start by defining what "Wireless controller" might mean. Maybe you mean a WiFi router or repeater or hub.

And the way you do this is, as mentioned above.

1) You'll create a DNS entry so your device can be referenced by name + resolved to an IP.

2) Create either a simple cert to cover the one host name for this device (like wifi-do-dad.foo.com) or create a Wildcard cert to cover all hosts on the foo.com domain.

Tip: https://LetsEncrypt.org has provided free SSL certs for many years now. I use their certs for 1000s of sites (hosts, domains, simple certs, wildcard certs).
Pkafkas, Network Engineer

Author

Commented:
The "Wireless Controller" is the brains that hold all of the configuration of the Wireless Network at each Company Site.  The Access Points connected on the same WiFI VLan look to the Local "Wireless Controller" for the required configuration and network routing.

The Access Points essentially authenticate the Wireless device and tunnel the connection to the Controller for network routing.  The Local Wireless Controller also distributes Private DHCP Addresses to the Guest Clients.  These Private IP addresses are not found anywhere on the corporate network and are blocked from getting access to the corporate network.

Since our current production wifi controller has a thawte certificate representing wlan.company.com and that is what guest clients see when they see the guest captive portal page, we will need to create a new digital certificate for the wlan.company.com for our new Wireless Controllers.  Because right now the New Wireless Guest Captive Portal is showing https://IP_of_Controller/cgi-bin/Login?...  I would prefer the captive portal not to show the IP address of the new controller.

It sounds as if we just need to create a new SSL Certificate, from somewhere and what does that involve?  Will we need to generate a C.S.R.?  I am not familiar with the process.  If we do this will the production controller's certificate become un-usable even though the expiration date has not been reached?

How do we create a simple certificate for this process?

What will that mean to the certificate that is being used on the production device?
Infrastructure Services
Commented:
You will need to purchase a new certificate from Thawte (or any other Certificate Authority) and install it on your New Controller.  Before you can get the certificate, you will need to log in to your New Controller and generate a CSR to be provided to the CA for them to issue you a certificate.

There should be an option in your Wireless Controller to generate the CSR.  I am using a FortiGate Wireless Controller and the CSR generation looks like the below.
Untitled.jpg
The new certificate will not in any way impact your current certificate.  The certificates are all independent of each other.  So it will not affect the current production certificate.
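
Added example, not part of any reply in this thread: a small Python check of which host names a certificate's subjectAltName entries cover. It shows why a portal URL that uses the controller's IP still produces a certificate warning, and that a wildcard entry covers only one label. The SAN lists, the 192.0.2.10 stand-in address and the function names are assumptions constructed for illustration, and the matching is a simplified form of what browsers do.

```python
import ipaddress


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def san_matches(host, san):
    """Return True if one SAN entry ("DNS:name" or "IP:addr") covers host."""
    kind, _, value = san.partition(":")
    host, value = host.lower().rstrip("."), value.lower().rstrip(".")
    if _is_ip(host):
        # An IP literal in the URL matches only an IP SAN, never a DNS name.
        return kind == "IP" and ipaddress.ip_address(host) == ipaddress.ip_address(value)
    if kind != "DNS":
        return False
    h_labels, p_labels = host.split("."), value.split(".")
    if len(h_labels) != len(p_labels):
        return False  # "*" stands for exactly one label, not several
    if p_labels[0] == "*":
        # Simplification: refuse wildcards directly under a top-level label.
        return len(p_labels) >= 3 and h_labels[1:] == p_labels[1:]
    return h_labels == p_labels


def cert_covers(host, sans):
    return any(san_matches(host, s) for s in sans)


# Constructed SAN lists built from the thread's placeholder names.
CERTS = {
    "single": ["DNS:wlan.company.com"],
    "wildcard": ["DNS:*.company.com"],
    "nested": ["DNS:wlan.company.com", "DNS:*.wlan.company.com"],
}
# 192.0.2.10 is a documentation address standing in for the controller IP.
PORTAL_HOSTS = ["wlan.company.com", "city.wlan.company.com", "192.0.2.10"]


def coverage_report():
    """Map each sample certificate to the portal hosts it would validate for."""
    return {name: [h for h in PORTAL_HOSTS if cert_covers(h, sans)]
            for name, sans in CERTS.items()}


if __name__ == "__main__":
    for name, hosts in coverage_report().items():
        print(f"{name:9s} covers {hosts}")
```

The captive portal redirect therefore has to use a DNS name listed in the installed certificate, and that name has to resolve for guest clients to the controller.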
