Community discussions

MikroTik App
  4. Other topics
  5. The User Manager

Re: Walled garden and GlobeSSL certificate not working

Post Reply
 
imaljko4
Member Candidate
Member Candidate
Topic Author
Posts: 250
Joined: Fri Apr 25, 2008 6:52 pm

Re: Walled garden and GlobeSSL certificate not working

Tue Jul 12, 2011 6:14 pm

Hello,

I have a globeSSL certificate for Hotspot signup on UM signup page.

The certificate works well if i am already logged in and have full internet access.
But when customers access the signup page (before they have logged in), the certificate doesn't work.
When using a Safari browser there is a warning that the certificate is not trusted.

I tried to add addresses to walled garden allow list but still didn't manage.

Do you have any suggestions what to add to walled garden in order to work correctly?

Also is there a way how i can check which sites(addresses) are being blocked by walled garden, and causing the certificate not to work

Please help,
And thanks for any suggestions
Top
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: Walled garden and GlobeSSL certificate not working

Tue Jul 12, 2011 7:24 pm

You need to look at the certificate and check the CRL and OSCP URLs, and allow those in the walled garden. They are two methods of checking the validity of a certificate, and if it has been revoked. If you can't check whether a certificate has not been revoked you may, depending on security settings, not trust it.
Top
 
imaljko4
Member Candidate
Member Candidate
Topic Author
Posts: 250
Joined: Fri Apr 25, 2008 6:52 pm

Re: Walled garden and GlobeSSL certificate not working

Tue Jul 12, 2011 7:33 pm

Thanks

I have already added this sites:

crt.usertrust.com
ocsp.usertrust.com
crt.globessl.com
ocsp.globessl.com

After that Internet explorer worked fine, But safari is still not working.

Yes the safari reports an error with "revoked"
How could i check which site (address) is being blocked (which additional sites to allow in walled garden)? is there a way to check in Mikrotik router (ex. through firewall, or packet sniffer)?


Thank a lot
Top
 
imaljko4
Member Candidate
Member Candidate
Topic Author
Posts: 250
Joined: Fri Apr 25, 2008 6:52 pm

Re: Walled garden and GlobeSSL certificate not working

Tue Jul 12, 2011 11:17 pm

You need to look at the certificate and check the CRL and OSCP URLs, and allow those in the walled garden. They are two methods of checking the validity of a certificate, and if it has been revoked. If you can't check whether a certificate has not been revoked you may, depending on security settings, not trust it.
how can i check for the CRL and OSCP URLs? Can i read it out from my certificate and how?

Thanks for help
Top
 
imaljko4
Member Candidate
Member Candidate
Topic Author
Posts: 250
Joined: Fri Apr 25, 2008 6:52 pm

Re: Walled garden and GlobeSSL certificate not working

Wed Jul 13, 2011 12:02 am

I have found out how to check for the URL-s , and found out that there was one URL missing in my walled garden;
"crl.globessl.com"
Thanks a lot for your explanation and help.

You saved me!!!
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 38 guests
  4. Other topics
  5. The User Manager