Redirect HTTPS traffic to the captive portal

[humitos]

When you hit a HTTPS webpage for the first time, it's not redirected to the captive portal. We need to do this because the user won't know what is going on.

So, we need to create a certificate for that, accept the request on nginx and return a redirect to the portal.

The certificate won't be valid, so, the user will have to accept this. Is there another way to do this? Something like "converting the https request into an http"?

[humitos]

https://letsencrypt.org/

[gamba47]

The whole definition of "captive portal" revolves around "redirecting the user without his/her knowledge", which is exactly one of the things SSL was created to avoid.

I think there is no way to solve this problem. Maybe using DNS. I'm reading about this.

cheers.
Emiliano - gamba47

[humitos]

Yeah, I understand, but how we can do to reditect users to the portal when they write facebook.com, for example?

Today, it does nothing. It keeps trying a nothing happens until it reaches timeout. Thats annoying.

[gamba47]

It's true and looks like there is no way to solve yet. You can't redirect https to http at this moment.
I'm reading about this but looks like all in the same :(

[gamba47]

Just for the record:

https://github.com/vtsatskin/FX-Captive-Portals-Design/blob/master/detection.md
https://github.com/wkumari/draft-wkumari-dhc-capport