Captive portal in version SFOS 19.0.0 GA-Build31 is not using specified certificate as admin portal.
Captive portal is using SOPHOS cert which is not correct in my setup. See below images.
Have tried fresh re-install, upgrade removing and re-adding the cert an CA detail - not working.
...
Hello Andrew Laing,Under the Administration > Admin and user setttings > Please check and revert.
Thanks & Regards,
Vivek Jagad | Technical Account Manager 3 | Cyber Security EvolvedSophos Community | Product Documentation | Sophos Techvids | SMSIf a post solves your question please use the 'Verify Answer' button.
Hi Vivek,
The certificate is set to the SSL certificate I have purchased. It is working fine in the ADMIN console but the captive portal is not working.
Furthermore the user portal is using the correct certificate.
The issue seems to be only with the captive portal for user sign on - please investigate and revert.
In that case, use the following KBA: https://support.sophos.com/support/s/article/KB-000036904?language=en_USIt will also help you use a secure cert rather than the error insecure !!
Why would the certificate that I own work fine in the user console and admin portal, I do not want to use the appliance certificate!
There is an issue with the captive portal using the appliance certificate and not the SSL certificate specified, why would it work for the user portal and admin portal?
Please investigate, again I will not use the appliance certificate - this defeats the purpose of an SSL certificate.
So, I just replicated in my test environment: SFVUNL (SFOS 19.0.0 GA-Build317)Step:1 Created a self signed cert locally: Step-2 Assigned it under the admin & user settings Step-3 Ensured the details under the certificate > certificate authorities > default cert is filled properly.Step-4 downloaded the cert and installed that cert under the MMC > Trusted root certificate under the client machine.Step- 5 Access the captive portal:This worked for me, can you check if you have proper details filled under the default cert certificate > certificate authorities and if that default cert is installed in the client machine ?
I am having the exact same issue, this was working correctly before the update to SFOS 19.0.0 GA-Build31. The admin page and user portal are using the correct certificate selected under Admin console and end-user interaction, put the captive portal (port 8090) is using the appliance certificate instead.
Hello Simon Enjamio Gomez,Can you just double check if the default cert from certificate > certificate authorities in installed in the client machine and has the details filled in properly after you updated the firmware ?
Hi Vivek
The certificate is not on the client machine as this is used to ask for authentication on BYOD mobiles which do not have the client cert installed. We are using a LetsEncrypt certificate so that the mobiles are not presented with an invalid certificate. This worked perfectly in 18.5 as the mobiles were presented the captive portal with the LetsEncrypt certificate which they will trust by default.
The admin page and user page both present the LetsEncrypt cert as expected.
EDIT: I have reverted back to SFOS 18.5.3 MR-3-Build408 and the expected behaviour has returned (Captive portal is using LetsEncrypt cert as expected).