Some terminals at a certain location cannot access the portal page, and the page shows that the connection is not secure

null

Customers report that when some PCs connect to wireless, the portal redirection page will show insecure and they cannot connect to wifi. However, other PCs can connect to wifi normally and do not show the redirect page as unsafe.

Since some PCs can connect to wireless WiFi and some cannot, it can be judged that the problem is not with our device, but most probably with the customer"s PC. And the pop-up of the website is not secure, also lead the problem to the focus of SSL certificate.

By comparing the normal and abnormal PC information provided by the customer, the analysis focused on the certificate section.

certification of normal PC：

certification of abnormal PC：

It can be clearly found that there is a big difference between the certificates trusted by the two types of PCs, with normal PCs being newer and trusting more certificates, and abnormal PCs being older and trusting few certificates. This is the reason why some of the older PCs cannot access the Internet normally.

Using the command:

<Sysname> system-view

[Sysname] ssl server-policy policy1

[Sysname-ssl-server-policy-policy1] certificate-chain-sending enable

The certificate-chain-sending enable command is used to configure the SSL server side to send a complete certificate chain during SSL negotiation.

By the way, only when the SSL client does not have a complete certificate chain to verify the digital certificate on the server side, please use this command to request the SSL server side to send a complete certificate chain to the other side during handshake negotiation to ensure the SSL session is established properly. Otherwise, it is recommended to disable this feature to reduce the network overhead during the negotiation phase.