By Geir Leirvik, Aruba Networks Solutions Architect, Norway
During a project with a major customer we came across an issue with a somewhat not so nice error message with the following statement:
Security warning
There is a problem with the security certificate for this site
VIEW CERTIFICATE
----------------------------------
On other platforms still Android 7 – something along the lines of – You may be under attack - Cancel - Proceed (NOT Recommended).
All of this happens during the redirect to the splash page of the captive portal.
This caused some concern and after an extensive TAC case, with myriads of options being discussed, ranging from – “There is nothing we can do – Google has set it up like this” – to “Let us check what is really going on, we may have to involve Google.”
The solution and the outcome was this:
You need to whitelist the two following sites:
https://js-agent.newrelic.com
https://bam.nr-data.net
Under the splash page configuration in Aruba Central.
That being done Android 7 - should work fine and no other platforms should be adversely affected.
We have tested this with success with:
iPhone 7 – IOS 10 3.2
HTC One – Android 6
Huawei P9 – Android 7
Huawei P10 – Android 7
Samsung Galaxy 6 – Android 7
Samsung Galaxy 8 – Android 7
Samsung tablet – Android 7
MacBook Air – MacOS Sierra
HP EliteBook 840-G1 – Windows 10 (10.10586)
All the Android 7 platforms were previously affected by the issue. If you get other certificate like issues go under security – certificates – certificate usage and ensure that you either have a working default certificate or that the chosen certificate matches the URL that you are pushing the credentials to for the IAP.
Credits- Thank you for your patience and tenacity:
The customer – you know who you are – we will keep you anonymous to protect the innocent!
The TAC ERT team: Britto & Co
Development – the heroes of the hour who analyzed the heck out of this and came up with the suggested whitelisting.
Finally and special thanks to Lene´, Escalations Manager in Norway for keeping us on the straight and narrow.
This apparently was not ever documented by Google – so here we have it.
Oh by the way - the pages are apparently used by Google Analytics and similar services ......