Hello Leja,
first you will have to acquire a valid certificate for the packetfence's
captive portal to avoid certicate error for self signed certificate.
(https://letsencrypt.org/)
Second thing, recent browser/devices are able to detect captive portal
like chrome (http://clients3.google.com/generate_204 ), so before trying
to go on an ssl web site the browser should present the captive portal.
Regards
Fabrice
Le 2015-12-12 17:27, Leja, Maciej a écrit :
Hello all,
Our packet fence deployment is https. Not sure how rare that is but
I’m seeing the following issue with clients getting redirected to PF
from Aruba:
When a user connects to guest wireless:
1)If he/she goes somewhere HTTP -> everything is perfect. Redirects
to packet fence, gets a green lock, we’re golden.
2) If he/she goes somewhere HTTPS, two things could happen:
- sites that use HSTS like google and reddit, browser will tell you
you can’t go there and doesn’t even have an option to bypass.
- sites that don’t use HSTS like chase for example, browser will
warn you with a cert error it expected chase.com but got packet fence
and you can skip the error and move on to packet fence.
Aruba has told me to make PF port 80 or deal with it as this is an
industry problem with the certs, which makes sense. I was just
curious are all of you (in this scenario) just dealing with the
potential of tickets/ yelling from users who had no idea they have to
go to an HTTP site to be redirected properly? Being at a university,
I fear we will get a lot of tickets, especially since google.com will
simply fail and not let you through.
Thanks!
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
