So I've got a wildcard certificate formed as follows:
CN: host.domain.tld
SAN1: host.domain.tld
SAN2: *.domain.tld
host.domain.tld is NOT the controller; this is another actual server. The controller should respond to captiveportal-login.domain.tld.
I was trying to use (the wildcard portion of) this certificate on the controller for captive-portal authentication.
Now, this works. Guests get this valid certificate presented so no more cert errors.
What is problematic, however, is that wireless users on the secure (non-guest) SSID, trying to access the server at https://host.domain.tld, get redirected to https://host.domain.tld:4343 by the controller. The IP address also changes from the actual host to the controller's guest interface.
I understand that the controller grabs traffic for that CN for itself for guest users, but why is it intercepting DNS requests for users on other SSIDs?!
Is this expected behaviour or what am I missing here?