Hello, I am using a Hotspot service for company users to authenticate to when they 'onboard' a new mobile BYOD device. i.e. users connect to an initial unsecure SSID, which redirects to a third party 'onboarding' server which then auto configures a secure wifi profile on their mobile device. The problem is that the initial connection to the Hotspot service is untrusted i.e .new user BYOD devices have no way of being pre-installed with our corporate root CA cert. This is understandable. Therefore, I was thinking to buy a public signed cert and bind it to our corporate public IP address which would NAT through to our LAN 'onboarding' server. My questions are: 1) is this is a good idea for ensuring that the first step of onboarding a new mobile device does not involve an untrusted URL ? 2) Can you enter a public IP address in the ZoneDirector Hotspot 'Redirect unathenticated user to' service ?
Getting a one time certificate warning is expected even with the Public Signed Certificate as the CN of the certificate couldn't be the same as the initial URL(eg google.com) client is trying to visit. You may refer to this article for details: https://support.ruckuswireless.com/articles/000006337
To answer your second query, yes you can enter a Public IP in the Hotspot URL, provided you have a public hosted portal service.