Redirect to Captive Portal blocked due to certificate error.

Question

Hi 
 I am trying to setup the captive portal to authenticate users connecting to my guest Wi-Fi. 
 As these devices will not have the appliance CA certificate installed, I have disabled the "Captive Portal use HTTPS" option so that users get directed to the portal over HTTP. This seems to work fine when the initial page requested is also using HTTP, but for site like Google and Facebook which force the use of HTTPS I get a invalid certificate error which appear to be due to the XG appliance trying to impersonate the site. 
 I have searched the forum at great length and can find similar issues being reported over the past couple of years, but no real definitive solution or work around for this. Am I just configuring something incorrect or is this an known issue which Sophos have never bothered to fix? 
 
 Thanks 
 Andy

FloSupport · Answer

Hey AND268Y 
 Unfortunately this is the expected behavior as the appliance certificate is self signed and your guest devices are unable to install this. 
 You could also go with the option of using a third-party signed certificate. Or customizing the Captive Portal to include a link for "Click here if you have certificate warnings", then re-directing to an intranet site where they can install your appliance CA.