Storyteller
New Member
February 8, 2018
Question

Captive portal and certificates


Today, without doing anything, my captive portals do not work anymore.

Both IE and Chrome give me a message about a wrong certificate, but after I force a reconnect I cannot access the login page.

The page seems expired (I think it is really expired because of IE and Chrome reconnection).

With Firefox I can add the exception and after that it works.

 

I suppose that IE and Chrome stop the session, suspecting a man-in-the-middle attack, and ask me for confirmation. When I confirm, they reload the page, but in the meantime the captive portal session has expired and the page is not reachable.

With Chrome, if I try to open an HTTP site without HSTS, it works (no man-in-the-middle detection).

 

My two captive portals work on two private networks, 10.40.... and 10.41...., and the portal is in these LANs. How can I solve my problem? I assume the connected computers are guest computers, with no chance to install a certificate or private CA auth.

 

Graziano.


    leif_erikson
    New Member
    May 17, 2018

    We also have the same problem, so many users are complaining. Does anyone have a solution to this?

     

    FG-500D v5.2.3,build670 (GA)

    Storyteller
    New Member
    May 17, 2018

    In IE I must add the site to trusted sites, and after several attempts (restarting IE) it shows me the login page. Then I can log in.

     

    But this is a workaround...

     

    Regards,

    Graziano.

    Fishbone_FTNT
    Staff
    May 23, 2018

    Hi all,

    Somehow I missed this thread. Chrome (and I suppose others will follow) started to require a SAN DNS entry in the certificate for the hostname check. In older releases, you can add your own certificate to the auth portal (with the correct FQDN in the cert's DNS SAN), or you can use 5.6.x, which will generate the auth portal certificate on its own.

     

    Do a simple check: look at the details of the untrusted certificate. If it's missing a Subject Alternative Name DNS entry that matches your auth portal FQDN, then this is what I am talking about.

     

    Regards,

     Fishbone)(
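
The check described in the reply above, as an added example that is not part of the thread and not Fortinet code: it classifies a certificate by whether a Subject Alternative Name DNS entry matches the auth portal FQDN, treating a name that appears only in the Common Name as a failure. It assumes the certificate is already decoded into the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`; the hostnames and sample certificates are constructed.

```python
def san_dns_names(cert):
    """dNSName entries of a cert dict shaped like ssl.SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def common_names(cert):
    """commonName values from the subject (legacy place for the hostname)."""
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' may stand for exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def check_portal_cert(cert, portal_fqdn):
    """Return 'ok', 'cn-only' or 'mismatch' for the given portal FQDN.

    'cn-only' is the case from the reply: the FQDN is present in the subject
    CN but there is no SAN DNS entry, so a browser that ignores CN rejects it.
    """
    sans = san_dns_names(cert)
    if any(name_matches(s, portal_fqdn) for s in sans):
        return "ok"
    if not sans and any(name_matches(c, portal_fqdn) for c in common_names(cert)):
        return "cn-only"
    return "mismatch"


# Constructed sample certificates (hypothetical portal name).
PORTAL = "portal.guest.example.test"
LEGACY_CERT = {"subject": ((("commonName", PORTAL),),)}
SAN_CERT = {"subject": ((("commonName", PORTAL),),),
            "subjectAltName": (("DNS", PORTAL),)}
WILDCARD_CERT = {"subject": ((("commonName", "guest portal"),),),
                 "subjectAltName": (("DNS", "*.guest.example.test"),)}
OTHER_CERT = {"subject": ((("commonName", PORTAL),),),
              "subjectAltName": (("DNS", "fw.example.test"),)}

if __name__ == "__main__":
    for label, cert in [("legacy", LEGACY_CERT), ("san", SAN_CERT),
                        ("wildcard", WILDCARD_CERT), ("other", OTHER_CERT)]:
        print(label, check_portal_cert(cert, PORTAL))
```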