No documentation found. I just experienced this on this customers project. I'm working with TAC because this must be a bug.
TAC states it should be captiveportal-login.domain
I broke the internal CP functionality messing with the CP settings certificate to get Clearpass Guest working properly with the wildcard.
I opened the ticket because I kept getting the default certifcate sent to the client even when the GUI said the wildcard was in use. TAC collected data but couldn't fix it. I later found out you have to set the CP certificate on device level on both MM en MC. Higher up doesn't work (bug?). TAC states it should but they collected logs of it not working. I have also sent them logs of the internal Captive Portal working again.
When I got the internal CP working again, I noticed there was no hostname in de url. So I tried that on the Clearpass vendor settings and now Clearpass Guest works as expected. This must be a bug too.
It will prevend my customer to upgrade to 8.5.0.4 if thats the case though because that would break the guest wifi. I will have to leave instructions what to do if it is changed back to normal.
I'll keep this thread updated with input from TAC.
rgds,
Erik