Security

Reply
Regular Contributor II

ClearPass Guest redirect webpage issue to HTTPS sites

We have it when a user connects to guest then opens a web browser and our Acceptance policy window pops up. We have found that if the user's home page or tries to browser to www.google.com they do not get the acceptance page. But if the user goes to www.cnn.com, then the acceptance page displays. I found the only difference between www.google.com and www.cnn.com, is that Google automactically redirects to HTTPS and CNN does not. Is there anyway to change this so it works with HTTP and HTTPS?

Guru Elite

Re: ClearPass Guest redirect webpage issue to HTTPS sites

They should receive a certificate error for HTTPS sites. This is normal and the browser is doing exactly what it is supposed to. On most modern versions of the various opertaing systems, a captive portal state should kick in which prompts either the default browser or a special mini browser to appear and it will attemp to connect to an HTTP-only site to trigger redirection.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: ClearPass Guest redirect webpage issue to HTTPS sites

I've run into this same issue too. Unfortunately as more and more sites switch to https as a default, this is becoming an increasingly common problem.

 

-Neil

 

--
Neil Johnson
Guru Elite

Re: ClearPass Guest redirect webpage issue to HTTPS sites

The operating system should be triggering captive portal detection behavior so you should not see any certificate errors.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: ClearPass Guest redirect webpage issue to HTTPS sites

I found the problem.

 

I had “Logout popup window” enabled in the captive portal profile on the controller.

 

That was causing the certificate error.

 

Now things are working fine.

 

-Neil

 

--
Neil Johnson
Regular Contributor II

Re: ClearPass Guest redirect webpage issue to HTTPS sites

I checked but it was unchecked.

Regular Contributor II

Re: ClearPass Guest redirect webpage issue to HTTPS sites

TAC took a look at the certificate. This is what they said:

"However, this intermediate cert is not available in IOS trusted store list.   For our validation, please try with different browser from IOS device.
 
“GeoTrust DV SSL CA - G3”
 
For your reference, kindly follow the below link about trusted certificate list
 
https://support.apple.com/en-in/HT208125"

Guru Elite

Re: ClearPass Guest redirect webpage issue to HTTPS sites

The intermediate should be chained as part of the server cert. Only the root CA needs to be in the device’s cert store.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Regular Contributor II

Re: ClearPass Guest redirect webpage issue to HTTPS sites

When I looked at the certificate, it had the cert in the following order.

-Private Key

-Server 

-Intermediate

-Root

 

I replied to TAC that the link was talking about root certificate. But they have mentioned the intermediate.

Regular Contributor II

Re: ClearPass Guest redirect webpage issue to HTTPS sites

Also told TAC that it happens on other device as well (Windows, MacOS and Android)

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: