Cipafilter Support:
309 517 2022 option 2
Mon - Fri 7 AM - 6 PM CT
4 - Content Filtering - Portal Certificate
Posted by on 01 October 2013 02:11 PM

The captive portal is SSL-encrypted (that is, it uses the HTTPS protocol) for security. Without this encryption, it would be extremely easy for anyone on your organization's network to view the traffic moving between other clients and the portal, and by inspecting that traffic, they would be able to capture the user names and passwords of anyone logging in.

To achieve protection from this sort of snooping, the portal must use a certificate. This certificate is in turn signed by a certificate authority (CA). By default, the CA used to sign the portal's certificate is the same one which is created in the SSL Configuration section (mentioned above).

However, this default configuration can be problematic:

  • The portal site will be accessible only from the address, which some organizations are uncomfortable with for security or branding reasons.
  • The portal will display a security warning message to any user who has not yet trusted the filter's CA. This message is unattractive and confusing.
  • Some clients, particularly the browsers on older mobile devices, won't display a warning at all — the portal will simply fail to load entirely.

The Portal Certificate feature provides a solution to all of these concerns, by allowing an organization to specify its own custom certificate, particularly one which has been signed by a trusted public CA.

To use the feature, enter the desired information into the Custom Certificate Information section. Much of this will be the same as what is entered under SSL Certificate Information. The Common Name field is of particular importance — it represents the site address that will be used for the portal when this feature is active. As an example, an organization with the domain may wish to use as their portal's Common Name.

Once the certificate information has been entered, clicking GENERATE REQUEST will generate a certificate signing request (CSR) for download. This CSR file is used by a certificate authority to generate the needed certificate file. Simply submit this file to the certificate provider of your choice, such as Namecheap or GoDaddy (Note: CIPAFilter does not endorse or recommend any particular certificate provider). Typically, one can expect a certificate suitable for this purpose to cost between 5 and 30 USD per year.

The certificate provider should respond with a public certificate and a CA bundle; once these are in hand, they need simply to be uploaded to the filter via the Upload Custom Certificate Data section.

It is also possible for an organization to use a wild-card certificate or one signed by an internally trusted CA, but this is not currently exposed to the Web interface. If you would like assistance configuring the portal this way, or if you have any other questions at all, tech support will be happy to assist you through the process.

(1 vote(s))
Not helpful

Comments (0)
©Cipafilter 2017. All Rights Reserved.