Skip to end of metadata
Go to start of metadata


Information:

If a user is not logged on to a LANCOM Public Spot and tries to access an HTTPS page directly (e.g. https://www.google.com), the following occurs:
  • The LANCOM Public Spot redirects the request to itself in order to deliver the log-in page.
  • Since TLS/SSL is performed by the browser and the Public Spot forwards the request to its own login page, the LANCOM becomes the endpoint of the TLS connection.
  • The browser expects a TLS certificate issued for www.google.com, but it receives the LANCOM's own certificate (or the one uploaded previously), which is not issued for www.google.com.
  • The certificate warning is displayed.


When the user is logged on to the Public Spot, there is no further intervention in the TLS connection. There is no man-in-the-middle process employed, for example to filter traffic.

Security concerns can be excluded by initiating the Public Spot login via a non-HTTPS page (e.g. http://www.wetter.de), which then calls the desired HTTPS page.