Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 0 subscribers
  • Views 8795 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Certificate wrror when using captive portal authentication

City_of_FWB

I having a problem with the captive portal authentication function in our Sophos Web Appliance.  When a user goes to access the Internet (IE9), it goes to load the captive portal page so they can authenticate with their AD credintials but the page comes up with

There is a problem with this website's security certificate.

They can select the "Continue to this website (not recommended)" option and sign in with no problems.  All works fine from there on untill they have to reauthenticate.

I'm using the "Sohpos Certificate" in the Certificate Authority tab and I have imported the certificate into IE on the user computer.  What am I missing?  Do  I need to create my own CA, generate the certificate and import it in as a custom certificate?

:39265


This thread was automatically locked due to age.
Parents
  • 0

    Hi, Welcome to sophostalk!

    The Web Appliance uses it's own CA to generate the necessary certificates.  So you're right that this needs to be trusted in the browser.  The important thing is to make sure you trust the actual CA (rather than just the generated certificate).  The easiest way to download the CA is from:  'Configuration > Global Policy > HTTPs scanning' in the UI.

    Also when installing this you must place it in IEs 'Trusted Root Certification Authorities' store.

    This article has more precise steps, and also explains how to do this via GPO:

    http://www.sophos.com/en-us/support/knowledgebase/42153.aspx

    Were these the steps you followed?  Let me know if that hasn't helped!

    - Tom.

    :39283
Reply
  • 0

    Hi, Welcome to sophostalk!

    The Web Appliance uses it's own CA to generate the necessary certificates.  So you're right that this needs to be trusted in the browser.  The important thing is to make sure you trust the actual CA (rather than just the generated certificate).  The easiest way to download the CA is from:  'Configuration > Global Policy > HTTPs scanning' in the UI.

    Also when installing this you must place it in IEs 'Trusted Root Certification Authorities' store.

    This article has more precise steps, and also explains how to do this via GPO:

    http://www.sophos.com/en-us/support/knowledgebase/42153.aspx

    Were these the steps you followed?  Let me know if that hasn't helped!

    - Tom.

    :39283
Children
No Data
Unfiltered HTML