This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Captive Portal

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Captive Portal

helder_teixeira
Not applicable

‎03-13-2013 04:15 AM

Scenario:

I want to authenticate unknown users from my network to the internet.

I´m able to authenticate users in my ldap server using the web form, from my captive-portal in my pa-500.

But my issue is this:

Before the users receiving the portal page they receive the error in the browser saying, that is an invalid certificate. I understand this, because I’m using the pa certificate witch is invalid. Not a public one.

My question is: can I use the captive portal, just in http??? Pa intercepts for authentication in https: but the form is in http. Is there any change to intercept and prompt credentials in http:

Or I must buy a public certificate? I can´t use an internal certificate using the active directory, because I’ve got some machines not joined to the domain. Appreciate some help.

Labels:
0 Likes Likes
3 REPLIES 3

goku123
L7 Applicator

‎03-13-2013 06:03 AM

If you have a few non domain machines, is it possible to manually have these users install the CA in the trusted CA store?

You can generate a CA on the PA device (or use your internal windows CA) & use it to generate the captive portal certificate. You can then export this CA out of the PA & possibly push it out through GPO to your domain machines.

Authentication in the clear may not be a good idea, since a sniffer on the wire may be used to get access to the credentials being used.

HITSSEC
L4 Transporter

‎03-13-2013 06:29 AM

I agree with achitwadgi.  Would like to add that a public cert is not that expensive if you want to avoid the warning messages.  We have a public cert for our PA5000s.  We have a self signed cert for our PA-500 which we use in a test environment and guest access.

0 Likes Likes

helder_teixeira
Not applicable
In response to goku123

‎03-13-2013 07:25 AM

I know about the public certificate, because I have several customers with the public certificate. The sniffer, is not an issue to me in the internal network, but I would like to know, how to make it possible without https in captive portal.

0 Likes Likes
  • 3084 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks