Using a custom certificate with Captive Portal

Upload the custom certificate and its key to the Content Gateway machine and update the following variable in records.config to force a custom certificate to work with Captive Portal.

CONFIG proxy.config.ssl.use_custom_cert_for_captive_portal

On the Content Gateway machine.

Steps

  1. Copy the custom certificate and its key to the /opt/WCG/config directory
  2. Make a backup of the /opt/WCG/config/ssl_multicert.config file
  3. Open /opt/WCG/config/ssl_multicert.config with a text editor and make and:
    1. Comment out the default entry
    2. Add a new entry specifying the custom certificate and its key. For example:

      name=auth_server dest_ip=* ssl_cert_name=custom_cert.crt ssl_key_name=custom_key.key

      Note that ssl_multicert.config file can only have one entry. It does not support multiple entries.

  4. Make a backup of records.config. (Default location: /opt/WCG/config)
  5. Run the following command to check the current value of the parameter. By default, the value is 0.
    /opt/WCG/bin/content_line -r proxy.config.ssl.use_custom_cert_for_captive_portal
  6. Run the following command to enable the feature and make the custom certificate work with captive portal.
    /opt/WCG/bin/content_line -s proxy.config.ssl.use_custom_cert_for_captive_portal -v 1
  7. Restart Content Gateway.
    Important: Enable this parameter only if you have a custom certificate to be uploaded to the proxy. If the parameter is enabled but no custom certificate is entered in ssl_multicert.confg, the proxy can run into unexpected issues.