You cannot use a self signed certificate on any web page. Google will violently protest a self signed certificate. Firefox will complain loudly. Safari will protest. Edge will have a fit. You must have a properly signed certificate installed in your portal webpage. Though PacketFence will generate a self signed. You do have to have a real signed certificate to have this work. It's just how the web works. If you turn off the https then browsers will continue to get louder in their protests. Though right now unencrypted pages will work. If you look at the menu bar of the page it will report an unsafe page.
> On Oct 5, 2018, at 2:10 AM, Cezary Barciński via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Hello again, > > I still have problem. Let me summarize and explain step by step: > > 1. I turn on HTTPS redirect and restart the service. > 2. Unregistered user connects to the network, gets IP. > 3. User opens a web browser with default webpage on his computer like > for example - google.com <http://google.com/>. > 4. Now, portal should redirect the user to the registration webpage but > it doesn’t. User gets information that google.com <http://google.com/> uses > wrong certificate – certificate not trusted, and user doesn’t even have > option to accept self-signed cert. Mozilla says: Error: > MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT. > 5. With HTTPS redirect disable all is good, but then registration > portal is based on HTTP and I wouldn’t like to users to register/login with > plain text password. > > Any thoughts ? > > > śr., 3 paź 2018 o 19:28 Nicolas Quiniou-Briand via PacketFence-users > <packetfence-users@lists.sourceforge.net > <mailto:packetfence-users@lists.sourceforge.net>> napisał(a): > Hello Cezary, > > On 2018-10-02 04:48 PM, Cezary Barciński via PacketFence-users wrote: > > I was convinced that packetfence generates self-signed certificate > > automatically and after turning on HTTPS option I would have to accept > > that cert in a web browser and would be able to see the portal login page. > > PF will work exactly like this. > > > I’m also afraid about this: > > > > “Force the captive portal to use HTTPS for all portal clients.Note that > > clients will be forced to use HTTPS on all URLs.This requires a restart > > of the httpd.portal process to be fully effective.” > > > > Does it mean that when I implement SSL and turn the HTTPS option on, > > users won’t be able to browse classic HTTP websites? What about other > > services like internet radio, games etc? > > No. > -- > Nicolas Quiniou-Briand > n...@inverse.ca <mailto:n...@inverse.ca> :: +1.514.447.4918 *140 :: > https://inverse.ca <https://inverse.ca/> > Inverse inc. :: Leaders behind SOGo (https://sogo.nu <https://sogo.nu/>), > PacketFence > (https://packetfence.org <https://packetfence.org/>) and Fingerbank > (http://fingerbank.org <http://fingerbank.org/>) > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > <mailto:PacketFence-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > <https://lists.sourceforge.net/lists/listinfo/packetfence-users> > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
