
Captive portal and HTTPS problems

david_henderson
Contributor II
We are setting up the Cloudpath captive portal and ran into one issue. When a user with a personal device wants to get on our network, the steps are straightforward:
  • User joins our wide open guest network
  • They launch a web browser and hit the Cloudpath captive portal
  • They are led through the process of securely on-boarding their device
Two issues, the second one more serious:
  1. If the first page a person hits on their web browser is HTTPS, they get a cert error. If they click continue, they are at the captive portal.
  2. If the first page a person hits on their web browser is HTTPS and HSTS, they just get an error message; they never get the Cloudpath screen.
I never heard of HSTS until today:
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

Every Google site uses HSTS, and of course many people have their home page for their web browser set to https://www.google.com. Has anyone else encountered this? I do have a case open with Ruckus support. From what I read, HSTS will become much more common over time.
7 REPLIES 7

abhi_maras
New Contributor III
Unfortunately, HSTS is a standard that many of the browsers and websites are leveraging, and rightly so, to avoid redirecting users unknowingly, which could result in loss of data for end users. But this poses a problem for captive portal redirections, which are legitimate. There is no widely adopted standard right now, but as identified above, RFC 7710 gives us a way once it is ratified and adopted. This of course affects all vendors and is not applicable only to Ruckus. There are browsers like Firefox that have implemented a 'Click here to login' or 'This network needs login' button that automatically pops up in such cases. We also recommend using CNA, as that uses an HTTP site that does not break the redirect (Apple uses http://www.captive.apple.com).

Hi Shaun,
Can you confirm if you are using Cloudpath or if it is a ZD-only question? Also, are you getting the 'Certificate not signed' error or the HSTS error? If it is prior, who are you using for the certificate signature? It looks like the browser does not identify the signing authority.

--
Regards
Abhi Maras
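
The behaviour discussed above, as an added example that is not part of the thread and is not Ruckus or Cloudpath code: a Python model of how a client classifies the reply to a plain-HTTP probe, and why a first request to an HSTS host never reaches the portal. The probe path, the `Success` marker, the function names and all sample hosts are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

PROBE_URL = "http://www.captive.apple.com/"  # plain-HTTP probe host named in the thread
EXPECTED_MARKER = "Success"                   # assumed body text on an open network

def classify_probe(status, headers, body, probe_url=PROBE_URL):
    """Classify the reply to a plain-HTTP probe as (state, portal_url)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status in (301, 302, 303, 307, 308) and "location" in hdrs:
        # The network answered for the probe host and pointed us elsewhere.
        return "captive", urljoin(probe_url, hdrs["location"])
    if status == 200 and EXPECTED_MARKER in body:
        return "open", None
    if status == 200:
        return "captive", None  # portal page served in place of the probe page
    return "unknown", None

def hsts_applies(host, hsts_store):
    """hsts_store maps host -> includeSubDomains flag (RFC 6797 host matching)."""
    host = host.lower().rstrip(".")
    if host in hsts_store:
        return True
    labels = host.split(".")
    # A parent domain only covers this host if it set includeSubDomains.
    return any(hsts_store.get(".".join(labels[i:])) for i in range(1, len(labels)))

def first_request_outcome(url, hsts_store):
    """What the user sees when the portal intercepts the first page load."""
    host = urlsplit(url).hostname
    if hsts_applies(host, hsts_store):
        # http:// is upgraded to https:// first, and the certificate
        # mismatch that follows cannot be clicked through.
        return "hard error, no bypass"
    if urlsplit(url).scheme == "http":
        return "redirected to portal"
    return "certificate warning, user may continue"
```
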

Even two years after this post, the problem still persists. One of my clients has a Ruckus Cloud installation and several R610 APs. This authentication issue only occurs on Android devices with the captive portal for Google login. No issues occur on iOS or desktops. Can you state the action recommended by Ruckus for this case?

shaun_van_tonde
New Contributor III

Hi.


I am using a Zone Director 1200 Series. I have acquired a certificate signed by Geotrust and also imported the intermediate certificate along with the signed certificate into the Zone Director. The login page used to give me an untrusted error for all clients, and this has been solved, so I am sure my import procedure was correct. I noticed the non-trusted issue mainly on phones using Chrome browsers to authenticate. I was able to replicate the error on a Windows 7 machine by typing www.google.com into the browser after ignoring the captive portal login page, just for testing.


I have now upgraded the Zone Director to firmware:

zd1200-9-12-3-0-61

After this I strangely don't seem to get the Chrome certificate error on the laptop anymore no matter how I try. I have yet to test this on various mobile devices. Hoping for the best but we shall see. Not sure if firmware could solve this issue, it doesn't seem likely but I will see what happens.


Regards,


Shaun