I have a globeSSL certificate for Hotspot signup on UM signup page.
The certificate works well if i am already logged in and have full internet access.
But when customers access the signup page (before they have logged in), the certificate doesn’t work.
When using a Safari browser there is a warning that the certificate is not trusted.
I tried to add addresses to walled garden allow list but still didn’t manage.
Do you have any suggestions what to add to walled garden in order to work correctly?
Also is there a way how i can check which sites(addresses) are being blocked by walled garden, and causing the certificate not to work
You need to look at the certificate and check the CRL and OSCP URLs, and allow those in the walled garden. They are two methods of checking the validity of a certificate, and if it has been revoked. If you can’t check whether a certificate has not been revoked you may, depending on security settings, not trust it.
After that Internet explorer worked fine, But safari is still not working.
Yes the safari reports an error with “revoked”
How could i check which site (address) is being blocked (which additional sites to allow in walled garden)? is there a way to check in Mikrotik router (ex. through firewall, or packet sniffer)?
I have found out how to check for the URL-s , and found out that there was one URL missing in my walled garden;
“crl.globessl.com”
Thanks a lot for your explanation and help.