Community discussions

 
ik3umt
Member Candidate
Member Candidate
Topic Author
Posts: 248
Joined: Tue Jul 08, 2014 3:58 pm

HotSpot Trial user pre-login https server error

Tue Mar 28, 2017 3:54 pm

I have enabled trial user on the hotspot

If the user try to browse HTTP sites , the hotspot welcome page appears
It he try to browse an HTTPS site , browser says it cannot open the page because of server connection has failed.


After a regular trial login (by choosing HTTP site) then also HTTPS sites can be displayed .

Any solution to display login page the first time with HTTPS requests ?
 
User avatar
pukkita
Trainer
Trainer
Posts: 2984
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: HotSpot Trial user pre-login https server error

Tue Mar 28, 2017 4:39 pm

There's no solution.

Hotspot uses a man-in-the-middle scheme to catch and redirect http requests.

Https protocol is designed to avoid this from happening, the device will get a warning about potential security breach.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
User avatar
juliokato
Member Candidate
Member Candidate
Posts: 229
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: HotSpot Trial user pre-login https server error

Tue Mar 28, 2017 5:35 pm

try this:
https://wiki.mikrotik.com/wiki/Manual:H ... PS_example

Or purchase a valid certificate like: let's encrypt - is free but is valid for 90days and need recertificate.
I apologize my grammatical errors, my english not so good, I am not a native speaker.
Wiki is maintained in English. I use Google translator. 8)
 
ik3umt
Member Candidate
Member Candidate
Topic Author
Posts: 248
Joined: Tue Jul 08, 2014 3:58 pm

Re: HotSpot Trial user pre-login https server error

Tue Mar 28, 2017 6:46 pm

There's no solution.

Hotspot uses a man-in-the-middle scheme to catch and redirect http requests.

Https protocol is designed to avoid this from happening, the device will get a warning about potential security breach.
Anyway, from what I saw, once authenticated (user/pass or trial) the user is able to browse any HTTPS site, isn't it ??

A workaround could be to invite users to visit a valid HTTP site (i.e. the restaurant one) to be brought to the login page ...... :?:

P.S.
Does it matter if only trial auth has to be used ??
 
serthan
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Sat Jun 16, 2007 10:49 am

Re: HotSpot Trial user pre-login https server error

Fri Apr 07, 2017 10:54 am

After SSL activated

Image
Image
img upload
Best Regards.
Serthan Öztürk
Electronic Engineer
http://www.sgsbilisim.com.tr
 
User avatar
pukkita
Trainer
Trainer
Posts: 2984
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: HotSpot Trial user pre-login https server error

Fri Apr 07, 2017 11:58 am

Anyway, from what I saw, once authenticated (user/pass or trial) the user is able to browse any HTTPS site, isn't it ??
Yes, once authenticated traffic is not restricted, no matter if HTTPs or whatever, no need to specify anything.
A workaround could be to invite users to visit a valid HTTP site (i.e. the restaurant one) to be brought to the login page ...... :?:
Exactly. Any HTTP request will brought up the captive portal page.

I have found that over-complicating things can be avoided by this simple approach:

- Tell the staff to advice people to browse to some simple URL; e.g. say the hotspot static DNS entry hostname is "restaurant": advice customers to just enter "restaurant" (or "wifi", or "internet", or any simple word, just make sure you create an static DNS entry so that it actually resolves to the captive portal IP)

- Put google HTTPS in walled garden. Most people will have google as home page, or will try accessing it, most times the search results will include http sites that will "catch" and redirect to the captive portal.
P.S.
Does it matter if only trial auth has to be used ??
No.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
ik3umt
Member Candidate
Member Candidate
Topic Author
Posts: 248
Joined: Tue Jul 08, 2014 3:58 pm

Re: HotSpot Trial user pre-login https server error

Fri Apr 07, 2017 5:00 pm

I'm not experienced but, once an HTTPS request from a not yet authenticated user comes to hotspot , is it still not possible to answer back and tell the browser "reload this HTTP page" ??
Is the problem related to web browser itself when it asks for HTTPS but it receives back something different ??
 
User avatar
pukkita
Trainer
Trainer
Posts: 2984
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: HotSpot Trial user pre-login https server error

Fri Apr 07, 2017 6:56 pm

Try it, the user will get a big bold security or threat warning.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
ik3umt
Member Candidate
Member Candidate
Topic Author
Posts: 248
Joined: Tue Jul 08, 2014 3:58 pm

Re: HotSpot Trial user pre-login https server error

Fri Apr 07, 2017 8:00 pm

No doubt on getting back warnings, already proved....
I just want to understand where is the problem, if it is intrinsic in the browser then....yes, there is not so much to do....
 
User avatar
pukkita
Trainer
Trainer
Posts: 2984
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: HotSpot Trial user pre-login https server error

Fri Apr 07, 2017 8:10 pm

There is no problem to fix, HTTPS is designed exactly to prevent this.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum

Who is online

Users browsing this forum: No registered users and 47 guests