FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 192630

Description


This article describes why the Captive Portal page is slow to build when the Portal is secured with an SSL certificate.

If the Captive Portal is secured using a third-party SSL certificate, browsers need to be able to validate the authenticity of that certificate.

This is done using CRL and OCSP protocols and requires external network access to various Certificate Authority (CA) sites.  

NAC acts as the DNS server for hosts in isolation (Registration, Remediation, etc.).

Therefore, it is important that certain domains are able to resolve while in isolation. 

Otherwise, certificate validation will fail to complete. 

This can cause the page to be very slow to build, or not build at all (depending upon the web browser and its security settings). 

To verify whether the Portal is using a third-party SSL certificate:

 
Log in to the Administration UI.
 
For version 8.x: 
Go to System -> Security Settings -> Portal SSL.
 
For version 9.x: 
Go to Portal -> Portal SSL.


Solution

 

To provide appropriate IP resolution to isolated devices for completing SSL certificate authentication, the Allowed Domains List may need to be updated to include the appropriate domains.  
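One way to list the CA hosts a browser will try to reach for CRL and OCSP checks, as an added example (not Fortinet code and not the method from the related KB article): parse the text printed by `openssl x509 -in <portal certificate> -noout -text` and compare the hostnames with the current Allowed Domains List. The function names and sample certificate text are constructed for illustration, and the rule that an allowed entry also covers its subdomains is an assumption.

```python
import re
from urllib.parse import urlparse

# Constructed sample of `openssl x509 -noout -text` output; not a real certificate.
SAMPLE_CERT_TEXT = """\
        X509v3 extensions:
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.example-ca.test/portal-ca.crl

            Authority Information Access:
                OCSP - URI:http://ocsp.example-ca.test
                CA Issuers - URI:http://cacerts.example-ca.test/portal-ca.crt
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.2
                  CPS: https://www.example-ca.test/cps
"""

URI_LINE = re.compile(r"^(?:(OCSP|CA Issuers) - )?URI:(\S+)$")
CRL_SECTION = "X509v3 CRL Distribution Points"


def validation_hosts(cert_text):
    """Return {hostname: {purposes}} for the CRL, OCSP and CA Issuers URLs in the text."""
    hosts, section = {}, None
    for raw in cert_text.splitlines():
        line = raw.strip()
        if line.startswith(("X509v3 ", "Authority Information Access")):
            section = line.rstrip(": ")      # remember which extension we are inside
            continue
        m = URI_LINE.match(line)
        if not m:
            continue
        purpose = m.group(1)
        if purpose is None:                   # bare "URI:" only counts under CRL points
            if section != CRL_SECTION:
                continue
            purpose = "CRL"
        host = urlparse(m.group(2)).hostname
        if host:
            hosts.setdefault(host, set()).add(purpose)
    return hosts


def missing_from_allowed(hosts, allowed_domains):
    """Hosts no entry covers. Assumption: an entry covers itself and its subdomains."""
    allowed = [d.lower().strip(".") for d in allowed_domains]
    return sorted(h for h in hosts
                  if not any(h == d or h.endswith("." + d) for d in allowed))
```

Intermediate certificates in the chain carry their own CRL and OCSP URLs, so run the same check on each certificate the Portal presents.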
 
To identify domains that may need to be added, refer to the related KB article: