I have my PA-200 on virtual wire mode with Captive Portal using SSL Decrypt for all users with Self Signed Certificate. When the users try to navigate on crhrome browser to internet they receive NET::ERR_CERT_COMMON_NAME_INVALID that doesn't permit to bypass for go to untrust site. When i manually enter a site that support http or another certificate method, is possible to navigate to the the unsafe site and Captive Portal works very well (Also I have Decryption profile and it also works) I read that it is common issue on Google, So I manually put a Subject Alternate name on attributes (host, ip, alt-email) to the Certificate, after export to the PC user like a root trust certificate but it doesn't works On my case, all trust users takes DHCP IPs of the Router above the FW so default gateway is the router IP (virtual wire doesn't provide a FW IP) . I manually generate a certificate with the router IP but still doesn't works 😞 Any Idea or suggestion?
... View more