Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    redirect problem with ssl certificate

    Captive Portal
    2
    2
    321
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tennesse
      last edited by

      hi, I installed a new certificate for our quest login portal. Everything seems to be okay with that certificate.
      But I test it I have the following behaviour.
      Surfing to a website in browser redirects me to the login/register page. But I got a browser error.
      for example surfing to google.de. The browser says unable to verifity the identity of the server "google.de"
      which is clear because the certificate of our portal has a diffrent url (hotspot.mycompany.com)
      Can anybody tell me how to fix this?

      Thank you in advance

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @tennesse
        last edited by Gertjan

        @tennesse said in redirect problem with ssl certificate:

        Can anybody tell me how to fix this?

        There is no fix.
        For the simple reason that a fix isn't needed.

        See for yourself :
        Disconnect you device (PC, Phone, whatever) from your network. Do this be disconnecting the Wifi, or rip out the network cable.
        Wait several seconds.
        Connect your device again.
        What happens now, without you being able to see anything *** : you will see a message that special action is needed, or a browser opens that brings you to the captive portal login page.
        This is independent to the URL that you wanted to visited initially.

        With default OS settings (if those exists) and default browser settings, this always works.

        ** you could see what happens : when send your pfSense logs to a remote syslog server, you will see that, as soon as the connection comes up, the device obtains an IP (and mask, gateway, DNS, etc) from pfSense. Then it will throw out a basic http (not https) !! request - for an Apple device this is " http://captive.apple.com/hotspot-detect.html " (click on the link !) : this link should bring back the word "Success" - if so, the device knows that it's connected directly to the Internet, and no more actions are needed. If not, a captive portal is presumed, and the user is notified. The OS opens a browser, and this browser repeats the " http://captive.apple.com/hotspot-detect.html " URL, and get's redirected to the login page.
        Note that the original requested link was added as an URL parameter (your www.google.de), after successful authentication you will be redirected that that URL : the connections is unblocked and www.google.de shows up.

        Windows based system popup a message at least - or open the default browser.
        From what I know, recent Android systems also work now.

        Note : the captive portal facility is something that is supported by your device. people tend to think that pfSense is "doing the work", but it's only blocking (all) requests - and redirecting them to the internal web server. These should be "browser" requests - for example, fat mail client won't be able to trigger a login screen ^^

        edit : I'm using a certificate portal.brit-hotel-fumel.net - and people (complete strangers for me) connect just fine using any possible device.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.