We have an issue with our guest network. Normally when a guest joins this network & attempt to access a website they are automatically directed to a company web page requesting a login in order to access internet. Once the guest password is entered access is permitted. However when using chrome (which is most of our guests) there are always certificate errors & users trying to access the guest network never get to the login page & ultimately do not get internet access. Even when I try to manually access the web page on chrome I get a certificate error. There are no issues on other browsers except for chrome.
My hunch is that this is a Chrome issue? If so does anyone know what specifically is the cause & what can be done to fix the issue?
What kind of https server certificate do you use? signed by a public PKI?
Dont use certs with greenbar extenstion.
see also https://community.arubanetworks.com/t5/Wireless-Access/HELP-Certificate-error-after-clearpass-guest-captive-portal/td-p/293432/page/2
Oops... I mixed up the https and radius certifcate requirement, my bad.
thx for your attention Tim.
NOTE: Both certificates with a wild card as the common name and Extended Validation certificates are not recommended for use as the RADIUS/EAP server certificate. Some clients may be unable to authenticate when these types of certificates are used.
I am new to SSL certificates. The issuer is Geo Trust which I found online but the users get directed to "captiveportal-login.companyname.com" I assume its a Public Cert. Can I ask why that matters, how to figure that out for sure & how knowing this will fix the issue?
possible you need to replace the public https certificate due some changes in the CA's support by Chrome. GeoTrust is on that list, but it depends on when your certificate is created.
You can also test this for your certificate here:
Cant explain that part:) But if you have to replace it for September so you can do that maybe a litlle early. You maybe can check if the signed GeoTrust CA and intermediate CA's are in the managed certificate store into Chrome settings.
If you access the webpage manually in chrome do you get te same error right ?
Generally, if you want to avoid some certificate issue, you should allow your client to access the ocsp url defined in the certificate.
The reason is that your client, when seeing a certificate with an ocsp url included, will try to contact that url to check if the certificate is revocated.
If the url is unreachable more and more browser will display a certificate issue.
Good to know. If they dont use OCSP anymore I wonder why the url is still in the cert?
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.