Feature #3388
closed
- Status changed from New to Rejected
Just do not configure https authentication!
I believe you are missing the point.
This enables administrators to utilize HTTPS CP authentication, which might be necessary to protect login credentials.
It also allows administrators to prevent throwing certificate errors at users in the event the initial site visited is an https site.
The initial forward and the HTTPS CP page are not mutually dependent.
We, as an industry, should do everything we can not to train our users to click through certificate errors.
Use a signed certificate on your CP!!!
You're still misunderstanding. If the initial connection by the user prior to CP authentication is to, say, https://www.google.com/, the ipfw forward rule creates a MITM. The browser expects a certificate from www.google.com but gets a cert from my-captive-portal.example.com instead and a certificate error is presented to the user. Doesn't matter if it's signed by a trusted root or not.
That's reasonable, submit that as a pull request in GitHub and we'll get it merged.
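The certificate error described in the thread comes from two independent checks. The following is an added example, not code from the thread or from the project, and it uses a simplified model of a browser's validation. The hostnames are the ones quoted in the thread; the `Cert` type and the `chains_to_trusted_root` flag are assumptions standing in for real path validation.

```python
# Added illustration: a simplified model of browser certificate checks.
# The trust flag replaces real chain validation (assumption).
from dataclasses import dataclass


@dataclass
class Cert:
    dns_names: list               # subjectAltName dNSName entries
    chains_to_trusted_root: bool  # outcome of path validation (assumed)


def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: exact, or '*' as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Require at least two labels after the wildcard (rejects "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def browser_verdict(cert: Cert, requested_host: str) -> str:
    """Issuer trust and hostname match are separate; both must pass."""
    if not cert.chains_to_trusted_root:
        return "untrusted issuer"
    if not any(name_matches(n, requested_host) for n in cert.dns_names):
        return "hostname mismatch"
    return "ok"


PORTAL = "my-captive-portal.example.com"
signed = Cert([PORTAL], chains_to_trusted_root=True)
self_signed = Cert([PORTAL], chains_to_trusted_root=False)

if __name__ == "__main__":
    for label, cert in (("CA-signed", signed), ("self-signed", self_signed)):
        for host in ("www.google.com", PORTAL):
            verdict = browser_verdict(cert, host)
            print(f"{label:11} cert, user asked for {host}: {verdict}")
```

A CA-signed portal certificate passes only when the user actually requested the portal's own hostname; for a forwarded connection to any other HTTPS site the verdict is a hostname mismatch.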