Captive Portal HTTPS SSL decrypt

cancel
Showing results for 
Search instead for 
Did you mean: 

Captive Portal HTTPS SSL decrypt

L3 Networker

Captive Portal HTTPS decrypt

 

Dear all:

 

Very good afternoon, I have the following doubts and concerns:

-Is it mandatory to configure SSL Decrypt ( I understand that yes, please confirm, it is for the point that when they enter a HTTPS site, it displays the captive portal in HTTPS ).

 

Thinking to avoid having to manually pass and distribute the certificate, as it is impractical, e.g. for external devices, smart phones, etc. to have to install the self signed certificate from Palo Alto, is it possible to generate a CSR and use the Public certificate, externally signed, e.g. Global sing, etc, to be used for the SSL decrypt and the captive portal ?

 

In this case the certificate would be externally validated, thinking in the computers, laptops, cell phones and external devices, but this certificate in the Palo Alto, would be only tied / linked to the LAN interface of Palo Alto, with a local DNS A record of example: My portal.mydomain.com, a local domain, but not external, there would be no problems with validation if the FQDN or CN Hostname of the certificate, resolves to a local IP (The LAN IP of Palo Alto).

 

Please I remain attentive to all your comments, I appreciate the support, the clarification that you can give me.

 

Thank you,

 

I remain attentive, best regards.

 

High Sticker
2 REPLIES 2

Cyber Elite
Cyber Elite

@Metgatz,

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClevCAC

It you are looking to intercept the HTTPS traffic you need to enable decryption to actually send the 302. Depending on a number of factors on how your non-managed devices and equipment your using there's ways to serve a splash page that prompts users connecting to download and internal your certificates. 

@BPry 

 

Good afternoon, thank you very much for the answer, it is clearer for me.

 

And regarding the certificates, I can use the same example, public certificate for the SSL Decrypt and also be used by the Captive Portal in the SSL/TLS profile.

 

I remain attentive, best regards, thank you.

High Sticker
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!