Hello, I am using a Hotspot service for company users to authenticate to when they 'onboard' a new mobile BYOD device.
I.e. users connect to an initial unsecure SSID, which redirects to a third party 'onboarding' server which then auto-configures a secure wifi profile on their mobile device.
The problem is that the initial connection to the Hotspot service is untrusted, i.e. new user BYOD devices have no way of being pre-installed with our corporate root CA cert. This is understandable.
Therefore, I was thinking to buy a public signed cert and bind it to our corporate public IP address which would NAT through to our LAN 'onboarding' server.
My questions are:
1) Is this a good idea for ensuring that the first step of onboarding a new mobile device does not involve an untrusted URL?
2) Can you enter a public IP address in the ZoneDirector Hotspot 'Redirect unauthenticated user to' service?