ah10
New Member
July 21, 2014
Question

Captive Portal Authentication on a Guest WiFi

  • July 21, 2014
  • 4 replies
  • 12557 views
I configured our guest wifi access with its own SSID. The wireless controller is a Fortigate 60D, firmware v5.2.0,build0589 (GA). It is working very well if the guests who connect to it have an HTTP website configured as their homepage in the standard browser. If they have configured an HTTPS website as their homepage, they always receive a certificate error. The certificate which is used is configured via User & Devices --> Authentication --> Settings. Is there a way to get rid of this certification error message? Does somebody use a similar working configuration for their guest access?

    4 replies

    Bromont_FTNT
    Staff
    July 21, 2014
    Captive portal works by hijacking the connection to the requested page and presenting the portal... Unless you have a way to install the certificate on each Guest client before they connect, you'll always end up with the cert warning.
    ah10
    Author
    New Member
    July 21, 2014
    I guess for installing the certificate I would need physical access to each device beforehand, and that is not possible... I tried using a public wildcard certificate. But in that case I would need to redirect the captive portal on the client to the domain with the certificate. At the moment it always opens the captive portal with the IP of the controller in the address list. Is there a way to solve the problem like that?
    Bromont_FTNT
    Staff
    July 21, 2014
    Well the main issue is that the browser is expecting to see a signed certificate for the website it is trying to reach. If a guest browser has https://www.facebook.com as its homepage then it will be expecting the certificate CN to match facebook.com and be signed by a CA in its list of trusted certs.
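
The name check described in the reply above, as an added example that is not part of the original thread: a simplified version of the certificate-name test a browser runs, applied to the cases raised so far. The function names, `portal.example.com` and `192.0.2.1` are assumptions used only for illustration.

```python
# Added illustration; simplified form of the DNS-name check a browser applies
# to a server certificate (one wildcard, left-most label only).

def name_matches(pattern: str, host: str) -> bool:
    """True if a certificate DNS name (CN/SAN entry) covers the requested host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # "*" stands for exactly one label
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def browser_verdict(requested_host: str, cert_names: list, issuer_trusted: bool) -> str:
    """Judge the certificate against the host the browser asked for."""
    if not issuer_trusted:
        return "warning: issuer not trusted"
    if not any(name_matches(n, requested_host) for n in cert_names):
        return "warning: name mismatch"
    return "ok"


# Constructed scenarios: (description, host in address bar, names in cert, issuer trusted?)
SCENARIOS = [
    ("HTTPS homepage intercepted, controller's own cert",
     "www.facebook.com", ["192.0.2.1"], False),
    ("HTTPS homepage intercepted, public wildcard cert",
     "www.facebook.com", ["*.example.com"], True),
    ("HTTP homepage redirected to portal by IP, wildcard cert",
     "192.0.2.1", ["*.example.com"], True),
    ("HTTP homepage redirected to portal by name, wildcard cert",
     "portal.example.com", ["*.example.com"], True),
]


def run_scenarios():
    return [(desc, browser_verdict(host, names, trusted))
            for desc, host, names, trusted in SCENARIOS]


if __name__ == "__main__":
    for desc, verdict in run_scenarios():
        print(f"{verdict:28} {desc}")
```

Only the last case passes: the certificate is judged against the host the browser asked for, so a publicly trusted certificate helps only when the browser is sent to a name that certificate covers.
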
    ah10
    Author
    New Member
    July 21, 2014
    I do not understand, then, how it works in hotels. Because usually I also get a user name and password for authenticating, and even if my homepage is https://www.facebook.com, I am not getting a certificate error. It is maybe not an authentication topic any more, but in the SSID configuration there is an option called External Authentication Portal. Is that maybe something which could help in my case? Which external Authentication Portals work together with FortiGate?
    Bromont_FTNT
    Staff
    July 21, 2014
    I'll have to let someone else take over here as I myself have never been able to authenticate to public wifi portals if my browser tries first going to HTTPS sites.