Is the captive portal safe? (it's HTTP by default)

Forum|Forum|3 years ago
March 30, 2023
2 replies
1405 views

I want to use FortiGate captive portal for my wifi users (Windows RADIUS authentication). I tested it out and it works perfectly. My only concern is that the captive portal itself is HTTP. Isn't that bad? Someone can potentially steal a user's AD account UN and PW. I can't make it HTTPS because it's a private IP. And I cannot enforce the BYOD users to install a self-signed certificate.

How many of you use the captive portal? What do about it being HTTP? or am I missing something here?

FortiGate

adambomb1219

SuperUser

Get a public certificate and install that on the FortiGate.

gfleming

Staff

You can absolutely make it HTTPS even though it's a private IP. You just need to buy a certificate from a public authority like VeriSign, LetsEncrypt, etc.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded