Certificate issues with the HotSpot


By default the HotSpot system redirect all requests to the SSL HotSpot page.
When the user query any website, the HotSpot Firewall redirect TCP connections to the SSL HotSpot Page.
This behavior encounter an SSL certificate issue on Browsers because the certificate sent by the HotSpot front-end web page is not the requested certificate ( google certificate for example)

 

27-01-2016 13-13-56

There are no really solution to redirect browsers SSL requests to the HotSpot system.
To fix this issue, sure you can install HotSpot certificate in browsers but this is a complicated task on guest accounts.

1) Turn OFF the SSL redirection on the HotSpot System.

  • On the Service parameters, search the “SSL redirection” option and turn it to OFF.
  • Click on Apply button.

27-01-2016 13-22-04

  • This option will not redirect an HTTP request to the HotSpot SSL web service but to the HotSpot HTTP web service.
  • In this case, when user enter https://something.com, it will be redirect the https://ipofhotspot web page.
  • But if an user enter an SSL request ( such as https://www.google.com ) it will still redirected to the SSL hotspot page and browsers display an issue with the certificate.

27-01-2016 13-30-47

2) Deny access to the SSL websites before logging

  • The only way to remove the certificate issue is to deny any access to ssl websites until guests are not logged.
  • In this case, instead having an SSL certificate error, browser will display an Internet connection issue.
  • User have to enter an HTTP address in order to get redirected to the HotSpot login screen.

27-01-2016 15-54-44

  • With Artica v2.35 or above, you can totally disable the SSL redirection by enabling the “Deny SSL” option.

27-01-2016 18-34-01

 

Leave a comment