Hi guys!
I've been doing captive portal redirect using HTTP for ages, but failrly recently some of these solutions have started to trigger a security error in the auto-login popup on Android 7 clients of the type "Certificate not valid. Are you sure you want to connect to this network". That seems odd since there should be no HTTP in play here during the redirect. Note that I'm triggering the redirect using a http URL.
More specifically it happens when the redirect page is on Clearpass 6.6.7. I haven't been able to reproduce the issue on an old test Amigopod, and haven't tested it on older 6.6.x Clearpass installations since most are upgraded to 6.6.7..
Looking at the data I see that sure enough - there is traffic triggered from the client to Clearpass port 443 during the redirect.
If I do a redirect to an external website that is http - no error.
If I redirect to a Clearpass 6.6.7 page that doesn't have a form (like default terms.php) - still cert error
If I turn off Android auto popup by whitelisting "connectivitycheck.gstatic.com" neither Chrome nor Firefox triggers a certificate error.
So... To summarize - I get the cert-error within Android 7 Auto-login popup when I redirect to a Clearpass 6.6.7 webpage. I don't get the error on any other client, on any other non-Clearpass 6.6.7 webpages nor if I turn off auto-login popup on Android.
So my question would be - what is special with Clearpass 6.6.7 in this Android auto-login scenario that cause the cert-error?