Hello,
I need to remove the browser warning,SSL untrusted, when Wireless clients land on the splash page for the login .
I want to buy a certificate, however when generating the CSR from the cnmaestro page I do not know what to put in the CN because the URL is like
https://192.168.1.10/cn-cltr/splash/cnmaestro/Captive_Portal/access.html?ga-ap=AP MAcaddress/…
some certification authority do not want local IP address in the CN
Regards,
Maybe it is stupid but force http to splash page 
This is probably a silly question, but do you have a fully-qualified domain name for your on-premises instance?
No, how do you configure that in CnMaestro?
I don’t believe you need to configure it in cnMaestro (@Jordan, please correct me if I’m wrong).
I think you just need to register a name for the server in DNS that resolves to 192.168.1.10, then you can generate a CSR for that name.
From what I understand @Simon_King that is correct. Configure your DNS server (separate from cnMaestro) to resolve a domain name to your On-Premises IP, which should be static.
I’m not sure if there are any issues when buying a certificate for a domain name in your local DNS server.
There’s no reason they should care whether it’s a local DNS server or the public DNS, but they will require you to prove that you own the domain. This is often done by creating a special entry in the public DNS.
4 posts were split to a new topic: How to fix certificate errors in cnMaestro Cloud with third-party guest access portals
Hello,
On the end we found a specific setting in the CnMaestro on premises that fit for purpose. Is the “Guest Portal Hostname/IP” . Before was set with the local cnmaestro IP address and that’s why you get the URL
https://192.168.1.10/cn-cltr/splash/cnmaestro/Captive_Portal/access.html?ga-ap=AP
If you put an hostname still will not work as browser throws error :ERR_NAME_NOT_RESOLVED. We set up DNS service on a local Windows Server Machine to resolve the cnmaestro1234 in an IP. Configured the AP to use the internal DNS. Finally the guest portal page is https://cnmaestro1234/
and we are going to buy a certificate for that CN=hostname1234
Regards,
Ah, OK, I’m glad you found that setting.
I would be surprised if you could buy a certificate with a bare hostname though - I think you’ll need a fully-qualified domain name.
Indeed. We had to put cnmaestro1234.com (and similar) otherwise the CSR request was rejected by the SSL issuer.
I assume this is just an example, and you actually used a proper domain that you own, right? The certificate issuer is going to require you to prove that you own the domain before they give you the certificate.
