Captive Portal issue with SSL certificate and generate_204

[km_]

Hi! We have the problem with the certificate, also discussed here and maybe somewhere else. I have correct SSL setup with Captive Portal and it worked fine before some update (cant tell specifically which and when).

The main problem cause is this site:
https://connectivitycheck.gstatic.com/generate_204
or https://msftconnecttest.com
or some other device online checking urls.

It is not allowed, so it redirects back to hotspot login like this, for example:
https://hotspot.domain:8000/index.html?redirurl=connectivitycheck.gstatic.com/generate_204

...and this causes problem with the certificate as it tries to use local certificate for the gstatic.com site. Devices which doesn't use this generate_204 link, work fine.  Anyway - before the updates this behavior was correct. It's possible to connect, but there are certificate errors everywhere.

Edit: I'm starting to wonder if this is the issue, because using Firefox always likes the certificate and Chrome does like it only when already logged in. Perhaps this is something certificate itself related

EditV2: In the end I had now to include FULL CA certificate and Chrome based browsers started accepting it now. Guess its some update in Chrome that changed something.

This can be closed.