Showing results for 
Search instead for 
Did you mean: 

ASA Captive Portal Certificate


My users are not very PC savy so when Firepower redirects them to the captive portal, sometimes they do not click continue to proceed to the portal (since its a untrusted https site), so i want to apply a internal trusted cert to it so it takes them directly to it. 

so how can i apply a certificate to my captive portal ??

6 Replies 6

Marvin Rhoads
Hall of Fame Community Legend Hall of Fame Community Legend
Hall of Fame Community Legend

When you setup captive portal it gives you the option to select the certificate from among those installed on your server.

So first get and upload a certificate onto FMC and it will then be available for use. If you have a wildcard certificate issued from a trusted CA for organizational internal use, that usually works fine.

hey, for the cert to work it needs to point to a name. now how do i make firepower redirect the user to a URL instead of an IP?

becuase this is what i get for the captive portal

Marvin Rhoads
Hall of Fame Community Legend Hall of Fame Community Legend
Hall of Fame Community Legend

I'm not sure if you can do that currently. I would suggest openeing a TAC case to check.

If it was your own internally generated certificate, you could make the CN equal to the IP address or alternatively add a Subject Alternative Name (SAN) of the IP address.

When using HTTP Response page Firepower will not redirect to hostname.  Thus captive portal as people are used to using it is broken.  Especially so in a BYOD environment (Universities, Hospitals, Hotels, Restaurants, Malls, etc) Clicking through SSL warnings is terrible posture, especially for a security company.   See bug here:

If possible please open a case under this bug and contact your account rep to get some exposure.  For some reason this is listed as an "enhancement"q

Captive Portal was working by using the FQDN in version v6.2.3 now after the update to v6.2.3.6-37, the bug is back and using the IP address instead causing certificate errors.   Even with an IP as SAN you still get the certificate warning in Firefox.  

I have the same problem.
I cannot avoid this annoying cert warning.

Appreciate if someone can share the solution of this issue.


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers