This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About Captive Certificate

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

About Captive Certificate

Go to solution
PanIst
L3 Networker

‎11-10-2014 07:23 AM

Hi all,

To make visitors not having ssl warning for Captive portal page;

is there a way to do that without purchase a certificate ?(no way for importing cert to the clients)

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
HULK
L7 Applicator

‎11-10-2014 07:32 AM

As per my knowledge, the answer will be "no". Self generated certificate will not match with client's ( browser) certificate ring. Hence, it will throw a cert warning.

Thanks

View solution in original post

4 REPLIES 4

Go to solution
HULK
L7 Applicator

‎11-10-2014 07:32 AM

As per my knowledge, the answer will be "no". Self generated certificate will not match with client's ( browser) certificate ring. Hence, it will throw a cert warning.

Thanks

Go to solution
ssharma
L5 Sessionator

‎11-10-2014 07:55 AM

Hi Panlst,

Since the certificate will be from the firewall, visitor's page will not have any information for the browser. When the client gets certificate it would be Unknown has signed Captive portal and that would generate browser error.

With certificate from trusted 3rd party, it might say Verisign has signed Captive portal, since visitors browser already trusts Verisign cert, there will not be any errors. Hope this helps. Thank you.

Go to solution
hshah
L6 Presenter

‎11-10-2014 08:00 AM

Hi Panist,

That is correct, Guest user will get certificate warning as certificate is locally generated on firewall. Guest browser doesnt know certificate hence it will generate an error.

Regards,

Hardik Shah

Go to solution
dreputi
L4 Transporter

‎11-10-2014 08:09 AM

Hello Panlst,

The answer to your question is 'No' under your conditions. In general, following are the options:

1. Use a certificate signed by 3rd party vendor like Verisign, GoDaddy, etc. This is best solution as this cert will be trusted by all the browsers irrespective of the device.

2. Use a PAN self signed certificate or domain generated sub-ordinate certificate. Install its certificate authority on the client browsers. Though technically this will work, practically it is very difficult to implement this since typically you wouldn't be knowing which device the user will be using. So not scalable.

Hope it helps.

Regards,

Dileep

  • 1 accepted solution
  • 2597 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks