Captive Poral Https Help

  • Hi

    Does anyone have a good turtorial for the Captive Portal Https Login ? I have searching and have not found a solution yet. Got the server and certificate fields setup , but what else is required  ?


  • Hau!

    just did it here

    you must have openssl installed
    in my linux box I did:

    root@linux#> openssl req -new -nodes > cert.csr

    Answer the questions and when Common Name (CN) is required type the pfsense machine name and make sure captive portal clients can resolve this name in DNS. So probably you´ll need to update you DNS server config.

    Common Name (eg, YOUR name) []:

    after that 2 files will be created –> cert.csr and privkey.pem

    then you do:

    openssl x509 -in cert.csr -out cert.pem -req -signkey privkey.pem -days 999

    and a third file will be created --> cert.pem

    In captive portal properties page you enable HTTPS Login, fill "HTTPS server name" with the same name you  typed in CN above.

    Again in linux box you type:

    root@linux#> cat cert.pem

    copy and paste all the output in "HTTPS Certificate" --> including ---- BEGIN CERTIFICATE and ---- END CERTIFICATE

    Again in linux box you type:

    root@linux#> cat privkey.pem

    copy and paste all the output in "HTTPS Private Key" --> including ---- BEGIN RSA PRIVATE KEY and ---- END RSA PRIVATE KEY

    last step is to change the captive portal page content and change address to https:// and port to 8001

    FORM action=

    SAVE and test

    now before load captive portal authentication page will be shown a warning about HTTPS conection and you can see the padlock down the browser.

    thats it

  • You can also reuse the cert from system -> advanced but its a much better idea to create your own.

  • Any suggestion for those of us that don't have a linux box available?

  • to answer my own question…I think...unless there is something wrong with this method that I am unaware of...

    I decided to see what Mr. Ullrich meant by reuse the cert so I went in there and found that there is a way to create them. 
    There is a link in the word create in the middle of the webGUI SSL certificate/key section.
    as long as you fill out every field in there you will get a matching combo.

Log in to reply