03-13-2013 04:15 AM
I want to authenticate unknown users from my network to the internet.
I'm able to authenticate users in my LDAP server using the web form, from my captive portal in my PA-500.
But my issue is this:
Before the users receive the portal page, they receive an error in the browser saying that the certificate is invalid. I understand this, because I'm using the PA certificate, which is invalid. Not a public one.
My question is: can I use the captive portal in just HTTP? PA intercepts for authentication in HTTPS, but the form is in HTTP. Is there any change to intercept and prompt for credentials in HTTP?
Or must I buy a public certificate? I can't use an internal certificate using the Active Directory, because I've got some machines not joined to the domain. Appreciate some help.
03-13-2013 06:03 AM
If you have a few non-domain machines, is it possible to manually have these users install the CA in the trusted CA store?
You can generate a CA on the PA device (or use your internal Windows CA) & use it to generate the captive portal certificate. You can then export this CA out of the PA & possibly push it out through GPO to your domain machines.
Authentication in the clear may not be a good idea, since a sniffer on the wire may be used to get access to the credentials being used.
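The approach in the reply above (a private CA signs the captive portal certificate, and each client trusts the exported CA), as an added example that is not from the thread or from the vendor. It uses the OpenSSL command line in place of the firewall's own certificate generation, and the CA names and the hostname portal.example.internal are constructed.

```shell
#!/bin/sh
# Added example: CA names, lifetimes and portal.example.internal are constructed.
set -eu

# make_ca DIR NAME: self-signed CA. DIR/NAME.crt is the file exported to clients.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_portal_cert DIR CA HOST: portal key and certificate signed by CA.
issue_portal_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/portal.key" -out "$1/portal.csr" 2>/dev/null
  # Browsers match the portal hostname against subjectAltName.
  printf 'subjectAltName=DNS:%s\n' "$3" > "$1/san.ext"
  openssl x509 -req -in "$1/portal.csr" -days 90 -extfile "$1/san.ext" \
    -CA "$1/$2.crt" -CAkey "$1/$2.key" -CAcreateserial \
    -out "$1/portal.crt" 2>/dev/null
}

# client_trusts STORE CERT: succeeds only if CERT chains to a CA in STORE.
client_trusts() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
make_ca "$demo" portal-ca
make_ca "$demo" other-ca   # stands in for a client store without the portal CA
issue_portal_cert "$demo" portal-ca portal.example.internal

for store in other-ca portal-ca; do
  if client_trusts "$demo/$store.crt" "$demo/portal.crt"; then
    echo "store with $store: portal certificate accepted"
  else
    echo "store with $store: certificate warning"
  fi
done
```

The same portal certificate is rejected or accepted depending only on whether the issuing CA is in the client's store, which is why the non-domain machines need the CA installed by hand.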
03-13-2013 06:29 AM
I agree with achitwadgi. Would like to add that a public cert is not that expensive if you want to avoid the warning messages. We have a public cert for our PA5000s. We have a self-signed cert for our PA-500 which we use in a test environment and guest access.
03-13-2013 07:25 AM
I know about the public certificate, because I have several customers with the public certificate. The sniffer is not an issue to me in the internal network, but I would like to know how to make it possible without HTTPS in captive portal.