Hi everyone. So I set up a policy based captive portal authentication
(not configured at interface level). I forced HTTPS login page, assign
an authentication certificate (a valid GlobalSign wildcard certificate
for *.unap.cl) and set authentication ...
emnoc wrote:So in the unap cert do you have the intermediates? What I
would do from a curl standpoint I didn't add intermediate and root CA
certificates to foritigate. I added them according to this tutorial
https://video.fortinet.com/video/159/insta...
Fishbone wrote:You can check actually, once you get cert warning.
Display certificate and look for SANs. If the original site's FQDN is
not there, it's likely the cause. The original FQND won't be indicated,
because is a wildcard certificate
Fishbone wrote:Maybe you have missed my response.yes I did, sorry. Ok I
did try curl (good advise by the way) and this is the output. ~$ curl -v
www.google.cl* Rebuilt URL to: www.google.cl/* Trying 64.233.186.94...*
TCP_NODELAY set* Connected to www...
Fishbone wrote:Hi UNAP,if that works in FF, I assume redirection is
setup properly from your side. Meaning you have properly setconfig user
setting set auth-ca-cert end yes, correct SSL is
set. config user setting set auth-cert "*.unap.cl" set auth-...
Anyone? ... I still don't know why just Firefox accept the certificate
as valid. At first I thought that is was using an old version of TLS (so
some web browsers didn't accept it), but I can confirm that TLS 1.2 is
used for transmission.Is there any ...
