SSL verification behind hotspot

Johan · July 16, 2010, 3:26pm

I’ve got some major problems by SSL securing the hotspot pages.

First the Situation:

I have an GlobalSign SAN certificate to cover two domainnames. It regards hotspot.domain.com and portal.domain.com.

(https) hotspot.domain.com is an A records which points to 10.5.50.1 the local hotspot address.
(https) portal.domain.com is an public available webpage.

As you already expected hotspot.domain.com redirects to portal.domain.com which does the authorisation check and redirects with the login back to hotspot.domain.com, checks result and redirects it data back to portal.domain.com.

Now portal.domain.com is working fine when i’m on a direct internetconnection, but when i’m connected to the hotspot i will get an ssl verfication error on hotspot.domain.com and portal.domain.com. For now i discoverred the usuage of the url http://crl.globalsign.net/*.crl so I walledgarden-ip it. but for now the problem stays.

Did someone got this work?

Best Regards,

Johan

fewi · July 16, 2010, 3:44pm

What exact verification error are you getting? Can’t check revocation points, doesn’t match hostname, there’s lots of specific errors.

openssl (the command line tool) has a check mode you can use to check the specific certificate served by the Hotspot, it will tell you what is wrong where.

FWIW, I run all my Hotspots with SSL - no problems. I don’t whitelist CRLs in the walled garden, either. The Hotspot servlet takes care of that traffic.

fewi · July 16, 2010, 3:46pm

https://www.mikrotik.com/download.html

There’s a “Version Notify” form at the bottom right. Plug in your email and you’ll get notified when upgrades are available.