FDM Captive Portal

pweyrosta
Level 1

Hi,

 

We're running FDM on Firepower Appliances ver 7.1 and are trying to configure captive portal to protect an internal web service.

With SNORT v3 we were not able to get that to work at all. Since we downgraded to SNORT v2 it works as expected. The only thing that we couldn't figure out so far is how to configure certificates for this type of service.

 

All documentation that we found assumes that internal users connect to external services through captive portal authentication.

But in our case external users should access an internal https service through captive portal. And we cannot expect these external users to import the root certificate of our firewall to their trusted root certificate store. Therefore they always get a certificate error when they get redirected to the portal.

 

We could not find any clear documentation about which certificates we would need where to overcome that behaviour. We tried to load official certificates with the correct chain, but the browser never gets this certificate. Instead it gets a certificate that is signed with the certificate that we installed, which again is untrusted because the issuer is now the DN from the original cert and not the CA that issued the original cert.

 

Is there any way to get captive portal to provide official certificates to the browsers so they won't see certificate errors or warnings when they connect?

 

 
