Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ah10
New Contributor

Captive Portal Authentication on a Guest WiFi

I configured our guest WiFi access with its own SSID. The wireless controller is a FortiGate 60D, firmware v5.2.0,build0589 (GA). It works very well if the guests connecting to it have an HTTP website configured as their homepage in the standard browser. If they have configured an HTTPS website as their homepage, they always receive a certificate error. The certificate which is used is configured via User & Devices --> Authentication --> Settings. Is there a way to get rid of this certificate error message? Does somebody use a similar working configuration for their guest access?
Bromont_FTNT
Staff

Captive portal works by hijacking the connection to the requested page and presenting the portal... Unless you have a way to install the certificate on each guest client before they connect, you'll always end up with the cert warning.
ah10

I guess for installing the certificate I would need physical access to each device beforehand, which is not possible... I tried using a public wildcard certificate. But in that case I would need to redirect the captive portal on the client to the domain with the certificate. At the moment it always opens the captive portal with the IP of the controller in the address list. Is there a way to solve the problem like that?
Bromont_FTNT
Staff

Well the main issue is that the browser is expecting to see a signed certificate for the website it is trying to reach. If a guest browser has https://www.facebook.com as its homepage then it will be expecting the certificate CN to match facebook.com and be signed by a CA in its list of trusted certs.
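
The name check discussed in the replies above, as an added example that is not part of the original thread or of any Fortinet code: a simplified version of the browser's hostname matching, run against the three situations the posters describe. The portal domain `guest.example.com` and the address `192.0.2.1` are constructed placeholders, and the sketch assumes the certificate chain itself is trusted, so only the name comparison is shown.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Simplified RFC 6125 match: '*' is allowed only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard covers exactly one label
    if p_labels[0] == "*":
        # refuse over-broad patterns such as "*.com"
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_valid_for(requested_host, san_dns, san_ip=()):
    """True if the name the browser asked for is covered by the certificate."""
    if _is_ip(requested_host):
        # IP targets are compared with iPAddress SAN entries only, never DNS names
        want = ipaddress.ip_address(requested_host)
        return any(ipaddress.ip_address(ip) == want for ip in san_ip)
    return any(dns_name_matches(p, requested_host) for p in san_dns)

# Constructed sample: a public wildcard certificate for a hypothetical portal domain
PORTAL_SAN_DNS = ["*.guest.example.com"]

def portal_scenarios():
    return {
        # the guest's HTTPS homepage is intercepted and answered by the portal
        "intercepted https://www.facebook.com":
            cert_valid_for("www.facebook.com", PORTAL_SAN_DNS),
        # the portal is opened by the controller's IP address
        "portal opened by IP 192.0.2.1":
            cert_valid_for("192.0.2.1", PORTAL_SAN_DNS),
        # the guest is redirected to a hostname under the certificate's domain
        "portal opened as portal.guest.example.com":
            cert_valid_for("portal.guest.example.com", PORTAL_SAN_DNS),
    }

if __name__ == "__main__":
    for case, ok in portal_scenarios().items():
        print(f"{case}: {'name matches' if ok else 'NAME MISMATCH, browser warns'}")
```

Only the third case passes the name check: a publicly signed wildcard certificate removes the warning for the portal page itself when it is reached by a matching hostname, but not for an intercepted HTTPS request to another site.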
ah10
New Contributor

I do not understand, then, how it works in hotels. Usually I also get a user name and password for authenticating, and even if my homepage is https://www.facebook.com, I am not getting a certificate error. It is maybe not an authentication topic any more, but in the SSID configuration there is an option called External Authentication Portal. Is that maybe something which could help in my case? Which external authentication portals work together with FortiGate?
Bromont_FTNT
Staff

I'll have to let someone else take over here, as I myself have never been able to authenticate to public wifi portals if my browser tries first going to HTTPS sites.