Security

last person joined: 8 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass Guest redirect webpage issue to HTTPS sites

This thread has been viewed 5 times

  • 1.  ClearPass Guest redirect webpage issue to HTTPS sites

    Posted Jun 29, 2017 12:38 PM

    We have it when a user connects to guest then opens a web browser and our Acceptance policy window pops up. We have found that if the user's home page or tries to browser to www.google.com they do not get the acceptance page. But if the user goes to www.cnn.com, then the acceptance page displays. I found the only difference between www.google.com and www.cnn.com, is that Google automactically redirects to HTTPS and CNN does not. Is there anyway to change this so it works with HTTP and HTTPS?



  • 2.  RE: ClearPass Guest redirect webpage issue to HTTPS sites

    EMPLOYEE
    Posted Jun 29, 2017 12:40 PM
    They should receive a certificate error for HTTPS sites. This is normal and the browser is doing exactly what it is supposed to. On most modern versions of the various opertaing systems, a captive portal state should kick in which prompts either the default browser or a special mini browser to appear and it will attemp to connect to an HTTP-only site to trigger redirection.


  • 3.  RE: ClearPass Guest redirect webpage issue to HTTPS sites

    Posted Jan 28, 2018 12:00 PM

    I've run into this same issue too. Unfortunately as more and more sites switch to https as a default, this is becoming an increasingly common problem.

     

    -Neil

     



  • 4.  RE: ClearPass Guest redirect webpage issue to HTTPS sites

    EMPLOYEE
    Posted Jan 28, 2018 08:12 PM

    The operating system should be triggering captive portal detection behavior so you should not see any certificate errors.



  • 5.  RE: ClearPass Guest redirect webpage issue to HTTPS sites

    Posted Jan 29, 2018 10:26 AM

    I found the problem.

     

    I had “Logout popup window” enabled in the captive portal profile on the controller.

     

    That was causing the certificate error.

     

    Now things are working fine.

     

    -Neil

     



  • 6.  RE: ClearPass Guest redirect webpage issue to HTTPS sites

    Posted Jan 31, 2018 12:14 PM

    I checked but it was unchecked.



  • 7.  RE: ClearPass Guest redirect webpage issue to HTTPS sites

    Posted Jan 31, 2018 01:43 PM

    TAC took a look at the certificate. This is what they said:

    "However, this intermediate cert is not available in IOS trusted store list.   For our validation, please try with different browser from IOS device.
     
    “GeoTrust DV SSL CA - G3”
     
    For your reference, kindly follow the below link about trusted certificate list
     
    https://support.apple.com/en-in/HT208125"



  • 8.  RE: ClearPass Guest redirect webpage issue to HTTPS sites

    EMPLOYEE
    Posted Jan 31, 2018 02:27 PM
    The intermediate should be chained as part of the server cert. Only the root CA needs to be in the device’s cert store.


  • 9.  RE: ClearPass Guest redirect webpage issue to HTTPS sites

    Posted Jan 31, 2018 02:39 PM

    When I looked at the certificate, it had the cert in the following order.

    -Private Key

    -Server 

    -Intermediate

    -Root

     

    I replied to TAC that the link was talking about root certificate. But they have mentioned the intermediate.



  • 10.  RE: ClearPass Guest redirect webpage issue to HTTPS sites

    Posted Jan 31, 2018 02:40 PM

    Also told TAC that it happens on other device as well (Windows, MacOS and Android)



  • 11.  RE: ClearPass Guest redirect webpage issue to HTTPS sites

    EMPLOYEE
    Posted Jan 31, 2018 02:48 PM
    The root should not be included in the server certificate chain. Only the root needs to be present on the client.