LANCOM devices have a self-signed SSL certificate for HTTPS access. Consequently, any device using HTTPS to access the web interface will display a warning message. For this reason, the default configuration in the Public Spot uses the HTTP protocol, which prevents the warning message from being displayed in a hotspot environment.
However, many scenarios require the Public Spot to use an SSL certificate in order to transmit the login and status pages in encrypted form. An easy way to obtain an SSL certificate for HTTPS is to use the ACME client (Automatic Certificate Management Environment). This uses the DNS name of the router (DynDNS or DNS name assigned to a fixed IP address) to send a Certificate Signing Request (CSR) to the provider Let's Encrypt, and obtains an SSL certificate from them.
This article describes how the ACME client is used to obtain an SSL certificate, and how this is used in the Public Spot.
LCOS only supports one SSL certificate for access via HTTPS. The certificate obtained via the ACME client is therefore used both in the Public Spot and in WEBconfig. |
1) In the router configuration, go to the menu Certificates → ACME client and adjust the following parameters:
2) Go to the menu Public Spot → Authentication and activate the option HTTPS – Public Spot login and state pages are encrypted during transfer.
3) Go to the menu Public Spot → Server → Operational settings.
4) As the Device hostname, enter the DNS name of the router set in step 1 (in this example hotspot.domain.com).
5) Go to the menu DNS → General → Host names.
6) Adjust the following parameters:
7) This concludes the configuration steps. You can now write the configuration back to the device.
Status information about the ACME client can be viewed in LANmonitor under Certificates → ACME client. In case of problems obtaining certificates via the ACME client, the ACME trace can be used for troubleshooting (via LANtracer or via the CLI). |