About Captive Certificate

L3 Networker

About Captive Certificate

Hi all,

To make visitors not having ssl warning for Captive portal page;

is there a way to do that without purchase a certificate ?(no way for importing cert to the clients)

L7 Applicator

Re: About Captive Certificate

As per my knowledge, the answer will be "no". Self generated certificate will not match with client's ( browser) certificate ring. Hence, it will throw a cert warning.


L5 Sessionator

Re: About Captive Certificate

Hi Panlst,

Since the certificate will be from the firewall, visitor's page will not have any information for the browser. When the client gets certificate it would be Unknown has signed Captive portal and that would generate browser error.

With certificate from trusted 3rd party, it might say Verisign has signed Captive portal, since visitors browser already trusts Verisign cert, there will not be any errors. Hope this helps. Thank you.

L6 Presenter

Re: About Captive Certificate

Hi Panist,

That is correct, Guest user will get certificate warning as certificate is locally generated on firewall. Guest browser doesnt know certificate hence it will generate an error.


Hardik Shah

L4 Transporter

Re: About Captive Certificate

Hello Panlst,

The answer to your question is 'No' under your conditions. In general, following are the options:

1. Use a certificate signed by 3rd party vendor like Verisign, GoDaddy, etc. This is best solution as this cert will be trusted by all the browsers irrespective of the device.

2. Use a PAN self signed certificate or domain generated sub-ordinate certificate. Install its certificate authority on the client browsers. Though technically this will work, practically it is very difficult to implement this since typically you wouldn't be knowing which device the user will be using. So not scalable.

Hope it helps.



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!