Captive Web Portal Windows PC Accept Screen doesn't show

  • 2
  • Question
  • Updated 3 years ago
  • Answered
We have CWP defined.  Works well on iPhone type devices.  On Windows PC's, we often don't get the accept screen.  We have observed that we have to manually open up a browser window and enter a URL to go to before the CWP screen shows up.  If the browser is already open, or the PC has an initial web site that is https site, the CWP screen will never appear.  We have to manually change it to a non-https site.

Besides turning on HTTPS on the CWP screens, is there another way to get this to work?
Photo of Dennis

Dennis

  • 4 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 2
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Dennis,

There is actually no conceptual way to get this to work short of importing your own root certificate to each client and MITMing the HTTPS (TLS) connection - which Aerohive's APs do not and should not and could not practically support. (It would be a security flaw in a Web browser were this possible otherwise as it would undermine how PKI is meant to work as far as chain of trust goes.)

Even then, that increasingly will not work with popular sites due to certificate pinning taking place in Web browsers, explicitly to stop all forms of MITM.

You have to rely on independent, out-of-band CWP detection being present in an operating system for a CWP to function correctly. If that doesn't take place, there is no solution to this issue. Therefore, it is there that this issue has to be addressed.

I suggest that you read through my replies in the following thread:

https://community.aerohive.com/aerohive/topics/social-login-in-combination-with-social-websites

I never deploy with a CWP due to the awful user experience and security issues that exist with them and open SSIDs, preferring to use 802.1X or PPSKs, delivering credentials through other means.

Regards,

Nick
(Edited)