[Chilli] SSL certificates not being trusted by clients

Eric Chaves eric at craftti.com.br
Tue May 27 04:42:21 UTC 2014


Hi folks,

I'm trying to use a Comodo certificate to encrypt traffic between my
captive portal and Coova's JSON interface (on the controller), but I'm
facing a problem where clients are not able to verify the
controller's identity by matching its name with the SSL certificate.

It seems to me that the problem is related to how clients resolve the
controller's name to IP address but I'm not 100% sure.

To issue the controller's certificate I defined a valid server name under my
domain, like "nac.mydomain.com", and in my authoritative DNS (hosted
outside of the controllers network) I added an "A record" pointing to the
controller's internal IP address (for example, 172.16.0.1).

The controller's hostname is "ctrl001" (not "nac") and Coova is configured
to use Google's public DNS (8.8.8.8) to resolve DNS lookups.

When a client connects to the wifi and gets an IP address (like
172.16.0.25), if it queries DNS for "nac.mydomain.com", the response is
1.0.0.1 instead of 172.16.0.1, which was what I expected to see. And if the
client pings 1.0.0.1, the controller replies with its internal IP
(172.16.0.1). I assume Coova is intercepting this DNS query and somehow
it's replying with 1.0.0.1 instead of relying on the real DNS reply. Am
I correct?

What should I do to set up the controller's name in order to have it
match the SSL subject name?

Thanks in advance,

Eric
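
The name check a TLS client performs, sketched as an added example (not part of the original post and not Coova code): the client compares the host part of the URL it was given against the names in the certificate, and the address that name resolves to is not an input to the check. The function names are hypothetical, and the certificate is assumed to carry a single dNSName, "nac.mydomain.com", as described above.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """RFC 6125-style match: '*' is only honoured as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two or more labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def verify_reference(url_host, san_dns, san_ip=()):
    """True if the certificate names cover the host the client put in the URL."""
    if _is_ip(url_host):
        # IP literals are matched only against iPAddress SAN entries.
        want = ipaddress.ip_address(url_host)
        return any(ipaddress.ip_address(i) == want for i in san_ip)
    return any(dns_name_matches(p, url_host) for p in san_dns)

# Constructed sample: the only name assumed to be in the certificate.
CERT_DNS = ["nac.mydomain.com"]

def check_all():
    # Hosts a portal page could plausibly use in the URL of the JSON interface.
    hosts = ["nac.mydomain.com", "ctrl001", "172.16.0.1", "1.0.0.1"]
    return {h: verify_reference(h, CERT_DNS) for h in hosts}

if __name__ == "__main__":
    for host, ok in check_all().items():
        print(f"https://{host}/ -> {'match' if ok else 'MISMATCH'}")
```
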