Invalid Signature error when downloading Passpoint profile on Windows
Due to change of logic introduced in Windows update in the past few months, that was seemingly reversed in the latest Experience Pack, whilst downloading Passpoint profile on Windows machine from the Captive Portal environment, you might encounter the error pictured below:
This is due to the machine behind captive portal being unable to reach the OCSP servers to validate the Extended Validation certificate which we are using to sign the Passpoint profile.
If your users have reported the above error, the solution is to add two URLs to your Walled Garden / Pre-auth URL List / Allowed Hostnames:
If your controller only accepts IP addresses in the pre-auth list, then add the following IP addresses:- 172.64.149.23
- 104.18.38.233
Related Articles
Walled Garden List
If your Captive Portal uses external means of authentication (Twitter, Google, Facebook, Okta...etc.), the walled garden list, or the pre-authorisation list on your access point needs to include domain names required for the authentication to be ...Windows – TLS
This page describes the steps required to connect a Windows desktop system to a WPA2-Enterprise secured network using TLS authentication with client certificates. Installing Root CA Certificate For your Windows users to be able to authenticate using ...OpenWrt - Passpoint configuration
Prerequisites OpenWrt compatible device with Passpoint-capable wireless device (PHY). OpenWrt 21.02, or newer, including wpad (hostapd) built with hs20 option. Full version of iw package in OpenWrt. 802.1x infrastructure (RADIUS server). Information ...OpenWiFi - Passpoint configuration
Prerequisites Access to the Controller as a user with administrative privileges. Supported OpenWiFi device - this solution has been tested with EdgeCore EAP101 Information about the assigned RADIUS servers (Server IP address, port numbers, shared ...Windows – PEAP
Connecting a desktop system with Windows 7 to a WPA2-Enterprise secured wireless network using PEAP with MSChapv2 authentication. 1. Click on the wireless connection icon located in the bottom right corner of the screen. A list of available wireless ...