Captive Portal is still not working.
-
@cmb:
Using wildcard certs doesn't help with the main problem, you can't get a wildcard cert on any domain. E.g. the interception of, say, https://google.com can't not produce a cert error.
Absolutely, it only makes sense if you've somehow first imported your own root CA cert into all the clients' certificate store. Given that, in the previous example the ZS CP will create the "correct" SSL cert on the fly, based on what the client asked for.
There are several features of commercial CP implementations that could be added to enhance pfSense, such as auto-adding OCSP URLs of the CP's SSL cert to a whitelist ("walled garden")
which we already have in private versions, amongst many other features. May or may not get open sourced at some point.
Perhaps you should hint at these private versions, or people will go look elsewhere …
Anyway, wrt the CP, probably the most useful feature (in a commercial context) would be PMS integration.