redirect problem with ssl certificate



  • hi, I installed a new certificate for our quest login portal. Everything seems to be okay with that certificate.
    But I test it I have the following behaviour.
    Surfing to a website in browser redirects me to the login/register page. But I got a browser error.
    for example surfing to google.de. The browser says unable to verifity the identity of the server "google.de"
    which is clear because the certificate of our portal has a diffrent url (hotspot.mycompany.com)
    Can anybody tell me how to fix this?

    Thank you in advance



  • @tennesse said in redirect problem with ssl certificate:

    Can anybody tell me how to fix this?

    There is no fix.
    For the simple reason that a fix isn't needed.

    See for yourself :
    Disconnect you device (PC, Phone, whatever) from your network. Do this be disconnecting the Wifi, or rip out the network cable.
    Wait several seconds.
    Connect your device again.
    What happens now, without you being able to see anything *** : you will see a message that special action is needed, or a browser opens that brings you to the captive portal login page.
    This is independent to the URL that you wanted to visited initially.

    With default OS settings (if those exists) and default browser settings, this always works.

    ** you could see what happens : when send your pfSense logs to a remote syslog server, you will see that, as soon as the connection comes up, the device obtains an IP (and mask, gateway, DNS, etc) from pfSense. Then it will throw out a basic http (not https) !! request - for an Apple device this is " http://captive.apple.com/hotspot-detect.html " (click on the link !) : this link should bring back the word "Success" - if so, the device knows that it's connected directly to the Internet, and no more actions are needed. If not, a captive portal is presumed, and the user is notified. The OS opens a browser, and this browser repeats the " http://captive.apple.com/hotspot-detect.html " URL, and get's redirected to the login page.
    Note that the original requested link was added as an URL parameter (your www.google.de), after successful authentication you will be redirected that that URL : the connections is unblocked and www.google.de shows up.

    Windows based system popup a message at least - or open the default browser.
    From what I know, recent Android systems also work now.

    Note : the captive portal facility is something that is supported by your device. people tend to think that pfSense is "doing the work", but it's only blocking (all) requests - and redirecting them to the internal web server. These should be "browser" requests - for example, fat mail client won't be able to trigger a login screen ^^

    edit : I'm using a certificate portal.brit-hotel-fumel.net - and people (complete strangers for me) connect just fine using any possible device.


Log in to reply