Unable to grab Certificate information

Hi, currently my company has bought a WLan Controller for users to login to wireless internet by their LDAP account provided from our company.

The WLAN controller is 4IPNet WHG515

Steps:
1.User can use their device to connect to wireless internet( no password required)
2.User can only access to websites on white list, without or before login.(webpage login)
Ex: my company website, web mail etc…
so, WAN is restricted, until they login.

Problem:
Certificate info looks normal on my own computer which have normal access to Wan.
I have added letsencrypt.org and identrust.com to white list, (wildcard apply to before and after domain name)

And Clients who access to login page still face a problem that it can no grab certificate information
and it shows that this page is not secure.

Is there any other domain or IP address that im missing out and it should be added to white list in order for the certificate to grab information from other certificate servers?

Thanks

Hi @mvradio,

It’s possible that the whitelist is unrelated to this problem. However, one place that some clients would need to connect in order to check the continuing validity of the certificates is http://ocsp.int-x3.letsencrypt.org/. If connections there are blocked, some clients would complain that they can’t confirm the certificate is still valid.

Please note that this particular service is hosted by the Akamai CDN, so it does not have a single IP address worldwide, but a large number of different IP addresses depending on where it’s accessed from (and the IP address used could potentially change over time).

1 Like

get the cert from the login page:
openssl s_client -connect IP:443

it may clue you in on where to update the page that shows them the insecure login page.

1 Like

By adding http://ocsp.int-x3.letsencrypt.org to wallgarden works!

Thanks

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.