Upload the custom certificate and its key to the Content Gateway machine and update the following variable in records.config to force a custom certificate to work with Captive
Portal.
CONFIG proxy.config.ssl.use_custom_cert_for_captive_portal
On the Content Gateway machine.
Steps
-
Copy the custom certificate and its key to the /opt/WCG/config directory
-
Make a backup of the /opt/WCG/config/ssl_multicert.config file
-
Open /opt/WCG/config/ssl_multicert.config with a text editor and make and:
- Comment out the default entry
- Add a new entry specifying the custom certificate and its key. For example:
name=auth_server dest_ip=* ssl_cert_name=custom_cert.crt
ssl_key_name=custom_key.key
Note that ssl_multicert.config file can only have one entry. It does not support multiple entries.
-
Make a backup of records.config. (Default location: /opt/WCG/config)
-
Run the following command to check the current value of the parameter. By default, the value is 0.
/opt/WCG/bin/content_line -r proxy.config.ssl.use_custom_cert_for_captive_portal
-
Run the following command to enable the feature and make the custom certificate work with captive portal.
/opt/WCG/bin/content_line -s proxy.config.ssl.use_custom_cert_for_captive_portal -v 1
-
Restart Content Gateway.
Important: Enable this parameter only if you have a custom certificate to be uploaded to the proxy. If the parameter is enabled but no custom certificate is entered in
ssl_multicert.confg, the proxy can run into unexpected issues.