Captive Portal X509 CommonName

Forums Network Management Signal a BUG Captive Portal X509 CommonName

  • This topic is empty.
Viewing 1 post (of 1 total)
  • Author
  • #44889

    ZS has the option to use the commonName from an X509 certificate instead of the IP address of the server in the redirect and popups.

    The latest X509 recommendation is to not use a FQDN as a commonName, but instead add the FQDN to the SubjectAlternateName extensions. Meanwhile, the commonName should be an unique text.

    However, if text (as opposed to a FQDN) is used for a certificate’s commonName, the redirect will fail. What’s worse – if this text has a space the captive portal will not start.

    I believe the Use CN to redirect should be replaced with either:

    • text box where the administrator can enter the FQDN
    • the FQDN of the server
    • a selection of all the SubjectAlterateNames from within the X509 certificate.

    The latest browsers ignore FQDN in the commonName field and only look in the SubjectAlternateName extension; therefore this option is deprecated.

Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.