Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISA 550W Captive Portal Security Certificat Warning

I recently installed an ISA550W with multiple access points for a local hotel.  The hope was to be able to take advantage of the captive portal, however when users on the guest network are redirected to the captive portal they are recieiving a security certificate error.

Is there anyway to disable this so they are not recieving this error?

Thanks,

Brandon

7 REPLIES
New Member

ISA 550W Captive Portal Security Certificat Warning

This happens on every machine I try to connect with, so I don't think it is a CA issue.

Re: ISA 550W Captive Portal Security Certificat Warning

Brandon,
They're receiving the cert error because its using the default cert installed in the ISA which is not a cert signed by a trusted CA. At this time their doesn't appear to be a way to redirect to the captive portal via http instead of https. Technically you shouldn't want to do it that way because that would remove the encrypted tunnel for initial auth via the captive portal.
Suggestion would be to purchase a signed cert from someone like NetSol, Verisign, GoDaddy, Microsoft, etc. and apply it to the ISA. That will stop the error from occurring as long as the CA is trusted by the client, which all the above should be. If you need any assistance with any of this, please let me know and I'll be happy to help.

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
New Member

Re: ISA 550W Captive Portal Security Certificat Warning

So basically what it comes down to is after paying for the device, and purchasing the 1 year license (which will need to be renewed indefianlty) they now have to spend more money to get a signed certificate.  Looks like I will have to find another solution as this is starting to cost way too much just so they can have a basic captive portal.  Another Cisco small business fail.

Re: ISA 550W Captive Portal Security Certificat Warning

Some thoughts.

  1. To ensure not only security, but validation, you will want to authenticate over SSL versus HTTP.
    • Based on this, any wireless solution with Captive Portal is going to run into this unless you use the redirect feature in the ISA, or another device, and point all devices to a central auth server which would just use 1 cert.
  2. You can get a godaddy cert, for example, for $6.

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
New Member

Re: ISA 550W Captive Portal Security Certificat Warning

I have never run into this with any other captive portal.  And the point is this is marketed to Small Business who do not really have a dedicated IT staff, and do not understand the majority of this stuff.  It is pretty poor to not have this documented, or for Cisco sales to not point this out when the sell these units.

I have had nothing but problems with every Cisco Small Business device I have ever used, love the enterprise stuff (we have a 4507R-E that runs our backbone, but the small business stuff is terrible.

I will just find another solution, and not use the Cisco small business stuff again.

Cisco Employee

ISA 550W Captive Portal Security Certificat Warning

Hi Brandon,

you want a http option for captive portal ?

Regards,

Wei

New Member

ISA 550W Captive Portal Security Certificat Warning

Yes, this is an open network, the client just wants to be able to put up a page warnign customers of this before they get on.  The captive portal being SSL really throws a wrench in that idea.

555
Views
0
Helpful
7
Replies
CreatePlease login to create content