So, I recently set up a captive portal according to the docs, using a public certifcate. For the web-UI of the controller itself we're using a different certificate.
As expected, this works.
However, after a successful login, the captive portal server presents the wrong certificate to the client (for example. for the logout popup).
I have the cplogout policy in place, and the logout works as expected. However, once a user is logged in, the captive portal server presents the controller's web-UI certificate, not the captive portal certificate, which means the user gets a DN mismatch error.
So, without using a wildcard certificate, how can I make sure a user gets the correct cert for captiveportal-login.xxx.com for the logout popup, and not the controller's web-ui cert?