Wireless LAN
Reply
Contributor
destroyer
Posts: 40
Registered: ‎10-07-2010
0
Accepted Solution

WebAAA dosn't work on an iPad?

While configureing this new MX we have for a guest portal web AAA I noticed that it seems to work perfectly fine for any and all laptops that I might connect to it...... BUT.... tried to use it with and iPad and the iPad just won't connect to it at all.

 

Anyone know if there is some trick to this to make WebAA work with an ipad type device? Am I missing something here?

Contributor
aaron.howard@uni.edu
Posts: 38
Registered: ‎12-03-2011
0

Re: WebAAA dosn't work on an iPad?

I use a captive portal hosted on wlc2800s and our ipads work without issue. We do have CA signed certificates on our captive portal.

Contributor
destroyer
Posts: 40
Registered: ‎10-07-2010
0

Re: WebAAA dosn't work on an iPad?

Found some info on that in the Smartpass guide. I have no intention to use a smartpass server at all for that.... would think its still possible. The way I have it arranged at least for right now is No SSL... no security, other then local AAA.... just dosent work. One would think it would.

Contributor
mcgyver
Posts: 16
Registered: ‎12-14-2011

Re: WebAAA dosn't work on an iPad?

Basically this is a matter of how those devices react on untrusted certificates in their browsers (i.e. in safari).

They just stop processing, hence you'll never see a login dialog. Most browsers will give you the chance to create an exception for an untrusted certificate, so while a PC running let's say Firefox will throw a warning it'll still allow you to override the security level.

All you need is (per my experience) ANY valid certificate which was signed by a trusted CA. It can have virtually any subject, so you might want to take one which was issued to one of your webservers. As the MX intercepts the DNS lookup you won't get a subject name warning. You can also use a wildcard certificate, in this case the MX will present itself as e.g. "star.somecompany.com".

 

Contributor
destroyer
Posts: 40
Registered: ‎10-07-2010
0

Re: WebAAA dosn't work on an iPad?

Now that makes perfect sense.

 

As far as getting a certificate working with WebAAA.... i'm just using RingMaster to get this thing going and all I really want to do is use the local authentication as this is just for my companys guest internet access.... not seeing anywhere to import any sort of server certificate and there's nothing about it in the configuration guide that I can find.

 

Don't suppose you can point me in the right direction for that?

Contributor
destroyer
Posts: 40
Registered: ‎10-07-2010
0

Re: WebAAA dosn't work on an iPad?

Figured it out myself and it was nowhere in any docs.

 

This did the trick:

 

crypto generate key web 1024

crypto generate self-signed web

Contributor
mcgyver
Posts: 16
Registered: ‎12-14-2011
0

Re: WebAAA dosn't work on an iPad?

Certificate handling is likely the only job where the HTTP interface fits best. Nice environment for stuff such as importing CA and intermediate CA certs and so on. All of this can also be done from the CLI, of course.

 

Contributor
aaron.howard@uni.edu
Posts: 38
Registered: ‎12-03-2011
0

Re: WebAAA dosn't work on an iPad?

Ringmaster can also be used to upload certificates to the wireless controllers. I'd like to move to a captive portal hosted on an external server like smartpass. I think it will be easier to manage and more reliable. 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.