HTTPS doesn't work from Firefox with Captive Portal enabled.



  • Hi guys,

    Anybody experience this problem?

    Thank you.



  • Mine does …..

    I'm using the latest pfSense version.

    2.3.1-RELEASE-p5 (amd64)
    built on Thu Jun 16 12:53:15 CDT 2016
    FreeBSD 10.3-RELEASE-p3
    

    If you are also running the latest version, then we'll agree both to the fact that we are running exactly the same code.
    The only difference is the ….. setup !!! (mine is ok, I just proved it).

    This is less important :
    I checked "Login Enable HTTPS login" (although this only enforces https login ...)
    Of course, I set a valid domaine name : "portal.brit-htl-fml.net" and I'm using a signed and valid certificate for "portal.brit-htl-fml.net" which all browser accept as valid.

    Maybe it's time to detail your question.



  • i use the latest version:
    2.3.1-RELEASE-p5 (amd64)
    built on Thu Jun 16 12:53:15 CDT 2016
    FreeBSD 10.3-RELEASE-p3

    Enable HTTPS login is unchecked , but HTTPS work from Chrome and Explorer but doesn't work from Firefox.



  • @Artemiy:

    Enable HTTPS login is unchecked , but HTTPS work from Chrome and Explorer but doesn't work from Firefox.

    Could this be a (understandable) navigator issue ?

    If the user opens his browser, with a default home page like https://www.google.com it (Firefox) doesn't allow to be redirected to a http://your-portal-page ?
    Just to protect 'the user' and to enforce the 'ssl' connection asked for : https://www.google.com = Ok, all the others, non-ssl http like the portal page => No way.

    I'll deactivate my https login tomorrow, and use a PC the check (using a https default home page).



  • Exactly , only https fron Firefox doesn't work , other browsers are good.



  • …. and the default home page was ?????
    A https:// site ?
    A http;// site ?
    None ?





  • @Artemiy:

    https://google.com or https://facebook.com

    Publish the golden rule for your visitors : never ever use a https site when you are connecting to a unknown (== captive portal) network.
    Users want a protected one-to-one connection, that is understandable.
    But you are using the captive portal - so users will be redirected from the site they want to visit, to the site where they have to authenticate first (pFsense).
    This is against de 'https' rules
    See it this way : Firefox is right.
    Users ARE warned that they didn't land on their https …
    This is another way to protect a users from a "man in de middle attack" - this time its clearly shown by the navigator.

    If I was visiting https://my-bank-site.tld and another site sghows up instead (even emulating my banks site very well) and my navigator still accepts the connection, I would DITCH these browser.