Show Posts
1
16.1 Legacy Series / Captive Portal & https-traffic
« on: May 01, 2016, 08:40:02 pm »
Hello all,
I experienced the following behaviour of the captive portal:
a) no ssl-certificate selected: https-connections (like google) will timeout without getting redirected to the captive portal
b) default ssl-certificate selected: https-connections get redirected to the captive portal, but as the certificate is not signed, the browser will place a warning message. So this option is not feasible as all users would have to install the corresponding root certificate or always click through the browser warnings.
Question is: in the case that no ssl-certificate is selected: could the captive portal then handle https connections, redirect them to the portal (without Transport Layer Security, TLS) and then go back to the https-connection (e.g. https://www.google.com, again with TLS)? As I would like to use the captive portal only to show the terms of use together with an accept button (no username/password), no security problem is there because no passwords could be transmitted unencrypted.
Regards Johann
I experienced the following behaviour of the captive portal:
a) no ssl-certificate selected: https-connections (like google) will timeout without getting redirected to the captive portal
b) default ssl-certificate selected: https-connections get redirected to the captive portal, but as the certificate is not signed, the browser will place a warning message. So this option is not feasible as all users would have to install the corresponding root certificate or always click through the browser warnings.
Question is: in the case that no ssl-certificate is selected: could the captive portal then handle https connections, redirect them to the portal (without Transport Layer Security, TLS) and then go back to the https-connection (e.g. https://www.google.com, again with TLS)? As I would like to use the captive portal only to show the terms of use together with an accept button (no username/password), no security problem is there because no passwords could be transmitted unencrypted.
Regards Johann