On our captive portal we just run a cron job once a day to pull the latest OCSP IP addresses to be whitelisted, and never have had a problem with SSL.
Dale Thus spake Hanset, Philippe C ([email protected]) on Mon, Dec 02, 2013 at 06:58:24PM +0000: > Many places have problems with OSCP... they don't let users that join the > portal > check for the OCSP validity (forget to allow for this in firewall) of the > portal's certificate. That will make some OSes that > don't automatically switch to CRL fail. > Or worse, certificate providers change the IP address of their OCSP servers, > and portals and firewall were > configured with a static IP address of the OCSP servers... that can make > portals fail as well. > It would be nice to allow to check everything by name, but some firewalls are > still finicky about that! > > Philippe Hanset > www.eduroam.us > > > > On Dec 2, 2013, at 1:02 PM, "Osborne, Bruce W (Network Services)" > <[email protected]> > wrote: > > > Why do you say there are portal issues with https? Other than certificate > > error messages, http & https redirects work fine with Aruba wireless. I > > know I had issues with https & portals a few years ago when I tried portals > > with Cisco LWAP APs. > > > > > > Bruce Osborne > > Network Engineer > > IT Network Services > > (434) 592-4229 > > > > Liberty University | Training Champions for Christ since 1971 > > > > -----Original Message----- > > From: Arran Cudbard-Bell [mailto:[email protected]] > > Sent: Friday, November 29, 2013 2:25 PM > > Subject: Re: 802.1x vs web-portal > > > > On 19 Nov 2013, at 21:00, Ken LeCompte <[email protected]> wrote: > > > >> One major consideration is that the use of https for more and more > >> webpages is resulting in more confused users not getting redirected to > >> captive portal login pages. > > > > A workaround for some devices would be to to add a WISPr responder to the > > portal. It will work will all recent iOS and OSX devices, some Windows > > Phones, and Windows 8/8.1. > > > > http://msdn.microsoft.com/en-us/library/windows/hardware/dn408675.aspx > > > > There is no perfect solution to portal redirection, but WISPr does seem a > > good way forward. > > > > -Arran > > > > Arran Cudbard-Bell <[email protected]> FreeRADIUS Development Team > > > > ********** > > Participation and subscription information for this EDUCAUSE Constituent > > Group discussion list can be found at http://www.educause.edu/groups/. > > > > ********** > > Participation and subscription information for this EDUCAUSE Constituent > > Group discussion list can be found at http://www.educause.edu/groups/. > > > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
