Security

 View Only
Back to discussions
Expand all | Collapse all

External Captive Portal ERR_SSL_PROTOCOL_ERROR

This thread has been viewed 14 times

  • 1.  External Captive Portal ERR_SSL_PROTOCOL_ERROR

    Posted Jun 06, 2022 03:40 PM

    Hey everyone we are trying to configure a external captive portal using the Aruba Virtual Controller but have been running into issues when trying to sign into the network, everytime the controller tries to preform the redirect to our external portal we receive a SSL_PROTOCOL_ERR thrown by the browser. 

    Outlined below is the issue we are facing along with the configuration settings. Hopefully someone here has faced something similar and can help point us in the right direction.

    Thanks.

    Issue:
    Trying to set up an external captive portal using the Aruba Virtual Controller running firmware 8.0.x but running into a SSL_PROTOCOL_ERR when trying to load the WiFi login page.

    The authentication method is through the internal RADIUS.
    Access Roles have been created that allow traffic to come from and to qa.tolive through both HTTP and HTTPS. As well as enforcing the Captive Portal for the Network Group.
    The domain has also been whitelisted on the controller.
    The external login page is being served from a NGINX server which preforms HTTP rewrites and the domain is:
    The Virtual Controller has a wildcard cert installed for the CA that matches *.tolive and was distributed by GoDaddy. This is the same cert that is uploaded on the NGINX server.

    In the VC's settings we have tried the following settings which at one time allowed us to access the login page but no longer works:

    IP or hostname: qa.tolive.com
    URL: /wifimh
    Port: 80
    Use https: False

    Other settings that we have tried but still receive the SSL error on
    IP or hostname: 199.115.127.42 (also have tried these settings but with qa.tolive.com & https://qa.tolive.com)
    URL: /wifimh
    Port: 443
    Use https: True

    IP or hostname: 199.115.127.42 (also have tried these settings but with qa.tolive.com & https://qa.tolive.com)
    URL: /wifimh
    Port: 80
    Use https: True

    IP or hostname: 199.115.127.42 (also have tried these settings but with qa.tolive.com & https://qa.tolive.com)
    URL: /wifimh
    Port: 80
    Use https: False

    Current broken flow:
    user selects WiFi name --> receives phone notification/browser popup asking to sign in to network --> page loads but then errors out stating error: SSL_PROTOCOL_ERR

    The webpage is an Angular application but I have also tested with a bare bones HTML only webpage that only had the content of 'hello world' and the SSL issue still persists.

    Hardware:
    Aruba Instant On with multiple(over 100) AP's - AP15 is the model number

    Software:

    Aruba Virtual Controller 8.0.x



    ------------------------------
    testing toruble
    ------------------------------


  • 2.  RE: External Captive Portal ERR_SSL_PROTOCOL_ERROR

    Posted Jun 09, 2022 04:53 AM
    Hello,

    I've run a quick test from my Instant AP. I noted that I was able to browse to qa.tolive.com so just decided to give this a try.

    I've configured the External Captive Portal Settings:

    I've configured the SSID:

    So far I am being redirected and I don't appear to be receiving an SSL error. But I am getting 401 authorization required with this configuration. 

    When I browse there from a browser on a non-captive client I note that the auth popup looks like it's digest based:
    I'm not 100% sure but I'm wondering if this is the issue - maybe it's an unsupported portal auth type?
    Original Message


Related Content