Wireless LAN
Wireless LAN

WebAAA dosn't work on an iPad?

12.06.11   |  
‎12-06-2011 10:49 AM

While configureing this new MX we have for a guest portal web AAA I noticed that it seems to work perfectly fine for any and all laptops that I might connect to it...... BUT.... tried to use it with and iPad and the iPad just won't connect to it at all.

 

Anyone know if there is some trick to this to make WebAA work with an ipad type device? Am I missing something here?

7 REPLIES
Wireless LAN

Re: WebAAA dosn't work on an iPad?

12.06.11   |  
‎12-06-2011 06:02 PM

I use a captive portal hosted on wlc2800s and our ipads work without issue. We do have CA signed certificates on our captive portal.

Wireless LAN

Re: WebAAA dosn't work on an iPad?

12.08.11   |  
‎12-08-2011 02:29 PM

Found some info on that in the Smartpass guide. I have no intention to use a smartpass server at all for that.... would think its still possible. The way I have it arranged at least for right now is No SSL... no security, other then local AAA.... just dosent work. One would think it would.

Highlighted
Wireless LAN

Re: WebAAA dosn't work on an iPad?

12.14.11   |  
‎12-14-2011 08:45 AM

Basically this is a matter of how those devices react on untrusted certificates in their browsers (i.e. in safari).

They just stop processing, hence you'll never see a login dialog. Most browsers will give you the chance to create an exception for an untrusted certificate, so while a PC running let's say Firefox will throw a warning it'll still allow you to override the security level.

All you need is (per my experience) ANY valid certificate which was signed by a trusted CA. It can have virtually any subject, so you might want to take one which was issued to one of your webservers. As the MX intercepts the DNS lookup you won't get a subject name warning. You can also use a wildcard certificate, in this case the MX will present itself as e.g. "star.somecompany.com".

 

Wireless LAN

Re: WebAAA dosn't work on an iPad?

12.15.11   |  
‎12-15-2011 02:24 PM

Now that makes perfect sense.

 

As far as getting a certificate working with WebAAA.... i'm just using RingMaster to get this thing going and all I really want to do is use the local authentication as this is just for my companys guest internet access.... not seeing anywhere to import any sort of server certificate and there's nothing about it in the configuration guide that I can find.

 

Don't suppose you can point me in the right direction for that?

Wireless LAN

Re: WebAAA dosn't work on an iPad?

12.15.11   |  
‎12-15-2011 04:29 PM

Figured it out myself and it was nowhere in any docs.

 

This did the trick:

 

crypto generate key web 1024

crypto generate self-signed web

Wireless LAN

Re: WebAAA dosn't work on an iPad?

12.16.11   |  
‎12-16-2011 08:40 AM

Certificate handling is likely the only job where the HTTP interface fits best. Nice environment for stuff such as importing CA and intermediate CA certs and so on. All of this can also be done from the CLI, of course.

 

Wireless LAN

Re: WebAAA dosn't work on an iPad?

12.18.11   |  
‎12-18-2011 06:31 AM

Ringmaster can also be used to upload certificates to the wireless controllers. I'd like to move to a captive portal hosted on an external server like smartpass. I think it will be easier to manage and more reliable.