Captive Portal Certificates

The Setting Captive Portal Certificates Screen displays information about all Captive Portal Certificates and is used to add, activate, edit, delete, certificates. Captive Portal Certificates are utilized to implement the HTTPS login when UPAM is used as a Captive Portal Server. During authentication, the certificate is used to establish the SSL secure connection between the client and UPAM. UPAM provides a default certificate with the specific redirect URL of the Captive Portal page. You can customize the portal page redirect URL, and upload and activate a custom certificate.

Adding a Certificate

Click on the Add icon to bring up the Create Captive Portal Certificates Screen. Click on the Upload button to upload a Server Certificate File, then click on the Import button to import the file into UPAM. Repeat the process to upload and import the Server Key File.

Enter a Name for the Certificate, a Private Key Password to encrypt the key file when generating the Server File, and enter a Selected FQDN. Click on the Create button. The certificate can now be activated.

Note: The Certificate Files only support PEM or DER encoded certificates (e.g., .pem., .cer, .der, .crt).

Note: If you use the default certificate, the password is "password".

Note: If necessary, you can generate a new Captive Portal Certificate.

Activating a Certificate

Select a Certificate in the Captive Portal Certificates List and click on the Activate Button. You can only have one active certificate. If you activate a new certificate, it replaces the previously-activated certificate.

Deleting a Certificate

Select a Certificate in the Captive Portal Certificates List and click on the Delete icon. Click OK at the Confirmation Prompt. Note that you cannot delete an active certificate. You must first activate a different certificate before you can delete it.

Generating a Certificate

Follow the steps below to generate a Captive Portal Certificate.

1. Create the CA.crt and CA.key: openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cnf –days 3650.

2. Create the server for the certificate: openssl genrsa -des3 -out server.key 1024 –days 3650.

3. Create a CSR (Certificate Signing Request): openssl req -new -key server.key -out server.csr -config openssl.cnf.

Note: Input the password of the server.key and the specific website domain name for applying for the SSL certificate (e.g., *.example.com).

4. Sign the server.csr with CA.crt to generate a sever certificate: openssl x509 -req -CA ca.crt -CAkey ca.key -in server.csr -out server.cer -days 3650 –Cacreateserial.

5. Add and activate the certificate.

Captive Portal Certificates List

The Captive Portal Certificates List displays information about all imported Captive Portal Certificates.

• Name - Identifier for the certificate item in Captive Portal.
• Server File Name - The name of certificate file in the Captive Portal Server.
• Key File Name - The name of the Key File uploaded.
• Validity Start Time - The start date and time when the certificate is valid.
• Validity Stop Time -  The end date and time when the certificate is valid.
• Using Status - Indicates whether the certificate is effective in the Captive Portal Server. Can be activated by administrator.
• Issued By - The certification authority (CA) that issued the certificate.
• Issued To - The entity to which the certificate is assigned.
• Expiry Status - Indicates whether the certificate is Expired or Unexpired.
• Selected FQDN - The FQDN presented in the captive portal redirect URL instead of captive portal server IP address.