I need to remove the browser warning,SSL untrusted, when Wireless clients land on the splash page for the login .
I want to buy a certificate, however when generating the CSR from the cnmaestro page I do not know what to put in the CN because the URL is like
some certification authority do not want local IP address in the CN
Maybe it is stupid but force http to splash page
This is probably a silly question, but do you have a fully-qualified domain name for your on-premises instance?
No, how do you configure that in CnMaestro?
I don’t believe you need to configure it in cnMaestro (@Jordan, please correct me if I’m wrong).
I think you just need to register a name for the server in DNS that resolves to 192.168.1.10, then you can generate a CSR for that name.
From what I understand @Simon_King that is correct. Configure your DNS server (separate from cnMaestro) to resolve a domain name to your On-Premises IP, which should be static.
I’m not sure if there are any issues when buying a certificate for a domain name in your local DNS server.
There’s no reason they should care whether it’s a local DNS server or the public DNS, but they will require you to prove that you own the domain. This is often done by creating a special entry in the public DNS.
On the end we found a specific setting in the CnMaestro on premises that fit for purpose. Is the “Guest Portal Hostname/IP” . Before was set with the local cnmaestro IP address and that’s why you get the URL
If you put an hostname still will not work as browser throws error :ERR_NAME_NOT_RESOLVED. We set up DNS service on a local Windows Server Machine to resolve the cnmaestro1234 in an IP. Configured the AP to use the internal DNS. Finally the guest portal page is https://cnmaestro1234/
and we are going to buy a certificate for that CN=hostname1234
Ah, OK, I’m glad you found that setting.
I would be surprised if you could buy a certificate with a bare hostname though - I think you’ll need a fully-qualified domain name.
Indeed. We had to put cnmaestro1234.com (and similar) otherwise the CSR request was rejected by the SSL issuer.
I assume this is just an example, and you actually used a proper domain that you own, right? The certificate issuer is going to require you to prove that you own the domain before they give you the certificate.