Security

Hello,

I'm seeing some strange behaviour with our Clearpass based captive portal. Even though we are using a current public certificate on the WLC and Clearpass if I connect on my Andriod phone I'm getting an error message "There is a problem with the secuity certificate for this site. The name of the site does not match the name on the certificate".

When I click "View" I can see the certificate it's complaining about is the WLC captive portal certificate that has a CN of securelogin.company.com'.

This message pops up before I even try to open a browser or click 'Sign In', essentialy all by itself.

Really confused as to why this is happeneing, I did a quick test in our lab and even when I configure the captive portal to via HTTP this still happens. Sort of like there are some background services that try and spin up a HTTPS session and are somehow running into a certificate issue.

Thanks in advance

The CN of the controllers certificate is securelogin.<client domain>.

When I associate to the SSID with my Andriod mobile, the SSID shows a message 'Checking the quality of your internet conenction' and then that error comes up without me doing anything. Then I get an error 'The name of the site does not match the name on the certificate', when I click view the CN is identical to my captive portal certificate: securelogin.<client domain>.

Could it be that you try to redirect HTTPS traffic (port 443)?

Check this article on why it is expected behavior to see certificate warnings in that case.