Security warning over https captiveportal access



  • Hello, the captive portal HTTPS config says:

    HTTPS server name: mycompany.edu.br
    "This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in the certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on pfSense."

    Even if I correctly configure the CN and have a valid certificate, our clients receive the "security warning". To correctly set up the certificate I followed this tutorial.

    captiveportal configs:
    wan: public IP
    lan: invalid IP
    DNS forwarder active, with the host overrides configured with the host, domain and IP of our captive portal.

    Is there a setting so that this "security warning" does not appear?



  • @empbilly:

    lan: invalid IP

    Great !
    You now you broke it - and you are questioning why ?  ;)

    @empbilly:

    Is there a setting so that this "security warning" does not appear?

    This 'setting' is present in every browser - and you can't do anything on pfSense to suppress it … except:
    Use a signed and recognized certificate that a browser will trust by default.

    I've been using signed and trusted certificates for years now on my captive portal.
    I used the same tutorial as you did.

    It's easy.
    I have a domain name "my-domaine.tld".
    The interface (OPT1) on my pfSense box has IP (valid of course) 192.168.2.1
    I instructed the DNS resolver (not forwarder, I prefer the resolver) that "192.168.2.1" == "portal.my-domaine.tld".
    I instructed startssl.com that "my-domaine.tld" (useless here) and subdomain "portal.my-domaine.tld" had to be included in the certificate.
    I installed the certificate, root and intermediate certificate from startssl.

    On the captive portal settings page, I instructed it to use the startssl certificate - and set the page URL to https://portal.my-domaine.tld

    Anyway, as has been said in the tutorial.
    Works.



  • I expressed myself badly.

    Lan = private IP  ;)

    This 'setting' is present in every browser - and you can't do anything on pfSense to suppress it … except:
    Use a signed and recognized certificate that a browser will trust by default.

    OK. I believe that my certificate isn't trusted by default. How can I check if my certificate is trusted by default?



  • @empbilly:

    …. How can I check if my certificate is trusted by default?

    When you obtain a certificate from a Trusted source ( Certificate Authority ) => https://en.wikipedia.org/wiki/Certificate_authority you'll be fine.
    The tutorial you mentioned showed you how to do it.
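
One way to check the three conditions discussed in this thread from a client on the portal network, as an added example that is not part of the original posts: the server name resolves to the portal interface IP, the certificate chains to a trusted CA, and the name matches the certificate. The function names and the port argument are assumptions, and Python's default trust store is used as a stand-in for "trusted by default" (a particular browser's store may differ).

```python
import socket
import ssl
import sys


def resolves_to(name, interface_ip):
    """True if the only IPv4 address this client resolves for `name` is interface_ip."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return False
    return {info[4][0] for info in infos} == {interface_ip}


def check_portal(name, port, interface_ip, cafile=None, timeout=5):
    """Return a list of findings; an empty list means no warning is expected."""
    findings = []
    if not resolves_to(name, interface_ip):
        findings.append("dns: %s does not resolve to %s" % (name, interface_ip))
    # create_default_context() loads the OS trust store (or `cafile`) and turns
    # on both chain verification and hostname matching, as a browser does.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        # Connect to the interface IP directly so the TLS check still runs
        # when DNS is the part that is misconfigured.
        with socket.create_connection((interface_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=name):
                pass  # handshake completed: chain trusted and name matched
    except ssl.SSLCertVerificationError as exc:
        # verify_message separates the causes: self-signed certificate,
        # missing intermediate ("unable to get local issuer certificate"),
        # expired certificate, or a hostname mismatch.
        findings.append("tls: %s" % exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        findings.append("connect: %s" % exc)
    return findings


if __name__ == "__main__":
    # Usage: check.py <https-server-name> <portal-https-port> <interface-ip>
    # e.g. the values from the reply above: portal.my-domaine.tld, 192.168.2.1
    name, port, ip = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    problems = check_portal(name, port, ip)
    print("\n".join(problems) if problems else "OK: trusted chain, name matches")
    sys.exit(1 if problems else 0)
```

A "tls:" finding that mentions the local issuer certificate usually means the intermediate certificate is not being served along with the portal certificate.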

