Captive Portal Redirect On Initial Browser Https Request - Ruckus Wireless ZoneDirector 1200 User Manual

Figure 162: Activating captive portal/web authentication

Captive Portal Redirect on Initial Browser HTTPS Request

When logging in to a Web Auth/Hotspot/Guest WLAN by initially requesting an HTTPS
page in the browser, the client may encounter one or two SSL/HTTPS security warnings
as follows:
• The first is generated because the SSL certificate of the HTTPS site the user is trying
to reach does not match the certificate installed on the ZoneDirector. Depending on
the browser/OS, this maybe flagged as a potential Man in the Middle attack (MiM).
• The second is generated if the ZoneDirector or Hotspot server does not have an SSL
certificate signed by a recognized Certificate Authority installed when the client is
redirected to the login page.
These browser security warnings are there to encourage users to take care when
browsing secure sites and ensure their authenticity. However, there are two options to
help mitigate these warnings:
1. Completely disable the "redirect on initial browser HTTPS request" feature (refer to
the ZoneDirector CLI Reference Guide, "no https-redirection" command). Users will
no longer be redirected to the captive portal when their browser initially requests an
HTTPS page and the browser will display a message similar to "Page not found" or
"SSL connection error". In this case, the user will then need to request an HTTP page
(not HTTPS) to be redirected to the login page. This approach prevents users from
being "conditioned" to click-through browser security warnings.
2. Install an SSL certificate signed by a recognized Certificate Authority on the
ZoneDirector or captive portal server. This will only prevent the second security
warning - the first will still occur because the certificate will not match that of the
requested secure site. See
information.
Working with SSL Certificates on page 326 for more