Catching https requests
-
Hi
Is there anyway to show the captive portal when users are trying to access https pages? - like https://www.facebook.com
It only seems to work with normal http URLs - I am using version 2.1.2
Thanks
Felix -
Not without throwing certificate errors at your clients.
-
I know and that is fine - I mean most people will open a browser and goto to facebook or google, and without redirect on https the captive portal will never appear.
So it is possible?
Thanks
-
Just turn on the HTTPS login option in the captive portal setup. That will create the rule redirecting :443 traffic to your broken https portal page.
Opinion: I believe we as a profession should not implement anything that requires our users to click through certificate errors. Any solution that requires users to do so is no solution at all.
-
I absolutely see your point :)
I tried it, and is not working like I expected - Internet Explorer warns about the certificate twice and chrome never gets to the captive portal and the same for Firefox.
Was expecting a warning in all browsers and then continuing to the captive portal. But I suspect this is not supported in the design.
Thanks
-
The browser makers have been really tightening up certificate error behavior making it much harder to make an exception, and for good reason.
-
so till now no any solution for this issue
-
Sorry, but https/ssl/tls is designed exactly to avoid man-in-the-middle on https connections, which is exactly what your https captive portal is.
-
Sorry, but https/ssl/tls is designed exactly to avoid man-in-the-middle on https connections, which is exactly what your https captive portal is.
Got it :)
-
so what is the solution
-
There is none. Captive portals break https. Period.
