My users are not very PC savvy, so when Firepower redirects them to the captive portal, sometimes they do not click continue to proceed to the portal (since it's an untrusted https site), so I want to apply an internal trusted cert to it so it takes them directly to it.
So how can I apply a certificate to my captive portal?
When you set up captive portal it gives you the option to select the certificate from among those installed on your server.
So first get and upload a certificate onto FMC and it will then be available for use. If you have a wildcard certificate issued from a trusted CA for organizational internal use, that usually works fine.
Hey, for the cert to work it needs to point to a name. Now how do I make Firepower redirect the user to a URL instead of an IP?
Because this is what I get for the captive portal
I'm not sure if you can do that currently. I would suggest opening a TAC case to check.
If it was your own internally generated certificate, you could make the CN equal to the IP address or alternatively add a Subject Alternative Name (SAN) of the IP address.
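An added example, not part of the thread: one way to confirm before uploading that a certificate actually covers whatever the portal redirects to, an IP literal or a hostname. It assumes OpenSSL 1.1.1 or later; the self-signed certificate stands in for one issued by an internal CA, and `192.0.2.10` and `portal.example.internal` are constructed values.

```shell
#!/bin/sh
# Added example. All names and addresses are constructed placeholders.

# make_portal_cert DIR NAME CN SAN
# Writes DIR/NAME.key and DIR/NAME.crt. Self-signed here only so the check
# below has something to inspect; a real deployment would send a CSR with
# the same subjectAltName to the internal CA.
make_portal_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$1/$2.key" -out "$1/$2.crt" \
        -subj "/CN=$3" -addext "subjectAltName=$4" >/dev/null 2>&1
}

# cert_covers_target CERT TARGET
# Exit 0 if CERT is valid for TARGET, where TARGET is the host part of the
# redirect URL. An IPv4 literal is matched against iPAddress SAN entries
# (-checkip); anything else is matched as a DNS name (-checkhost).
# IPv6 literals are not handled in this sketch.
cert_covers_target() {
    case $2 in
        *[!0-9.]*) flag=-checkhost ;;
        *)         flag=-checkip ;;
    esac
    openssl x509 -in "$1" -noout "$flag" "$2" | grep -q "does match"
}

# report CERT TARGET: print a one-line verdict for an operator.
report() {
    if cert_covers_target "$1" "$2"; then
        echo "OK      $2 is covered by $1"
    else
        echo "WARNING $2 is NOT covered by $1 (clients will see a name mismatch)"
    fi
}

# Demonstration on constructed data: a name-only certificate versus one that
# also lists the portal IP as a SAN.
portal_demo() {
    d=$(mktemp -d)
    make_portal_cert "$d" nameonly portal.example.internal "DNS:portal.example.internal"
    make_portal_cert "$d" withip   portal.example.internal "DNS:portal.example.internal,IP:192.0.2.10"
    report "$d/nameonly.crt" 192.0.2.10
    report "$d/withip.crt"   192.0.2.10
    rm -rf "$d"
}
```

Calling `portal_demo` shows the name-only certificate failing for the IP redirect and the IP-SAN certificate passing; the client must still trust the issuing CA for the warning to disappear.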
When using HTTP Response page, Firepower will not redirect to hostname. Thus captive portal as people are used to using it is broken, especially so in a BYOD environment (Universities, Hospitals, Hotels, Restaurants, Malls, etc). Clicking through SSL warnings is terrible posture, especially for a security company. See bug here:
If possible please open a case under this bug and contact your account rep to get some exposure. For some reason this is listed as an "enhancement".
Captive Portal was working by using the FQDN in version v6.2.3. Now, after the update to v188.8.131.52-37, the bug is back and it is using the IP address instead, causing certificate errors. Even with an IP as SAN you still get the certificate warning in Firefox.