Avoiding Certificate Error With Captive Portal

Reply
Highlighted
Not applicable

Avoiding Certificate Error With Captive Portal

I was able to get Captive Portal setup successfully, but is there a way to prevent IE from complaining about a certificate error to get to the captive portal?  I probably won't be able to use it because of this error, it would be too confusing to some of my users.

Thanks for any help.

Tags (2)
L4 Transporter

Re: Avoiding Certificate Error With Captive Portal

You will need to switch to redirect mode to remove the browser warnings. This allows the device to forward the browser to an interface IP address that will have a matching certificate and then, once properly authenticated, it will forward them back to the originally desired destination.

https://live.paloaltonetworks.com/docs/DOC-1516

Mike

Not applicable

Re: Avoiding Certificate Error With Captive Portal

I switched to redirect mode to 10.2.0.1, which is one of my L3 interfaces and I still receive a certificate error -- I've tried both a self generated certificate and using that Server Certificate and just leaving the Server Certificate blank.

I am seeing this in IE8, I don't have any other browsers installed on the machine I am testing with.

Any thing else I can try?

L4 Transporter

Re: Avoiding Certificate Error With Captive Portal

In order to eliminate the errors you will need to install a cert that matches the IP address of the interface. Otherwise, the browser will still give certificate warnings.

Mike

Not applicable

Re: Avoiding Certificate Error With Captive Portal

I did that.  Problem is that IE8 doesn't like the fact that it is a self-generated certificate, guess I am out of luck unless I want to purchase a certificate.

L4 Transporter

Re: Avoiding Certificate Error With Captive Portal

You don't necessarily need to purchase a cert, but you do need it to be a cert signed by a CA that your browsers trust. If you have a CA in place for creating certs for internal services, the same could be used for this. Alternatively, you could create a CA and tell your browsers to trust certs signed by it.

Mike

L2 Linker

Re: Avoiding Certificate Error With Captive Portal

PAM OS: 3.1.6

I use IE browser 8 for captvie portal but IE get cert very slowly. If I use firefox, It is OK.

Has captvie portal problems with IE 8?

Thank You

L6 Presenter

Re: Avoiding Certificate Error With Captive Portal

If you are using a self-signed certificate with Captive Portal and IE8 you will see slow page load times.

This is a browser issue. One way that you can solve this problem is by putting a valid cert on the Captive Portal and using redirect mode for Captive Portal.

L2 Linker

Re: Avoiding Certificate Error With Captive Portal

For IE8, I found a problem. IE8 can not trust valid cert but other browser as Firefox can trust cert.

Have you ever found this issue? How solved?

Thank You

L6 Presenter

Re: Avoiding Certificate Error With Captive Portal

When you say "IE 8 cannot trust a valid cert" what does that mean exactly?

Public CA or Internal CA?

certificate details? (format, key length, etc etc)

What error(s)/symptom(s) does IE 8 display?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!