Occasional Contributor II

HTTPS captive portal

The https captive portal screen.
Are the user name and passwords encrypted so that they are not still clear text?

I know typical captive portal usage has Open wireless networks.

So why https page for authentication?
Are username/passwords able to be sniffed?

Also, if this was Captive Portal is tied to RADIUS or LDAP account, does that mean that domain user accounts are now open over the open wireless network?

I have configured many wireless accounts, most with a default guest username/password.
Now I have a customer who would like to authenticate users this way also for limited access with home laptops, etc. But I am trying to understand possible securtity concerns.

Any aruba documentation references would be greatly appreciated.


HTTPS captive portal

The username/passwords are encrypted through the https/standard ssl session. That is the reason that https is the default of the Aruba captive portal: to encrypt the sensitive username/password data. No different really than authenticating to a banking website or yahoo mail as examples that both use https.

The user data -after- the login is not encrypted by the captive portal authentication mechanism, so in that way it's exactly like Yahoo mail (secure login, open/non-encrypted user data) sessions.

Hope that helps...
Occasional Contributor II

Re: HTTPS captive portal

Yes, thanks,

I understand user data is not encrypted, and that is to be expected. I just wanted to make sure any user account passwords were not being sent in the clear.

thanks again.


HTTPS captive portal

Correct. You could always verify that with a quick wireshark if you would like as well.
Occasional Contributor II

Re: HTTPS captive portal

Make sure you put a valid cert on the controller. If I understand SSL correctly, if a client gets a message in their browser that the cert is untrusted and chooses to go to the site anyway, then the traffic is unencrypted.
Guru Elite

Re: HTTPS captive portal

Still encryoted, but you don't know who you are connecting to.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: