Captive Portal X509 CommonName

Home Page Forums Network Management Signal a BUG Captive Portal X509 CommonName

This topic contains 1 reply, has 0 voices, and was last updated by  gareththered 1 year ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #44889

    gareththered
    Member

    ZS has the option to use the commonName from an X509 certificate instead of the IP address of the server in the redirect and popups.

    The latest X509 recommendation is to not use a FQDN as a commonName, but instead add the FQDN to the SubjectAlternateName extensions. Meanwhile, the commonName should be an unique text.

    However, if text (as opposed to a FQDN) is used for a certificate’s commonName, the redirect will fail. What’s worse – if this text has a space the captive portal will not start.

    I believe the Use CN to redirect should be replaced with either:

    • text box where the administrator can enter the FQDN
    • the FQDN of the server
    • a selection of all the SubjectAlterateNames from within the X509 certificate.

    The latest browsers ignore FQDN in the commonName field and only look in the SubjectAlternateName extension; therefore this option is deprecated.

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.