nevansm

I've had an huge increase in troubles connecting to wifi in the United Club recently. Chrome thinks the page is insecure, IE hates it too, Edge complains, the only thing that will work reliably to sign-in is Opera.

I work in IT, so it's not like I'm a complete moron when it comes to these things. I noticed the SSL cert that UA has on the portal page does expire on 7/25, but that shouldn't stop things from working today.

Yes it's a petty complaint, but it should _just work_ and it doesn't. And it's annoying to spend 2-3 more minutes of an already short layover trying to get on the damn wifi to send some emails.

Has anybody else had this issue?

docbert

The error you're getting is "NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED" - Google it (and ignore the references to Symantec which is an old/different problem) and you'll find lots of information on it, most of which the average person will have little hope of understanding.

In simple terms, yes, it's broken. It's been like it for months, and UA can (but haven't yet) fixed it. Hopefully when they renew their cert in coming weeks (presuming they remember to do so - Turkish Airlines forgot and their onboard wifi was returning errors for a few weeks as a result!) they will do it right and the error will stop.

I haven't actually bothered checking their club certificate, but I suspect it's got more to do with the fact that your browser can't get to the CT site to actually check (due to the captive portal) rather than the CT not being setup correctly, but I could be wrong.

Halo117

My workaround is if the browser is giving issues to the splash page, just type in unitedwifi.com

Gets u to the portal so u can login.

gokeeper

I believe the "insecure" message you got is because of you typed in an url with https ecryption, then cause certificate mis-match when you are redirected the wifi portal.
My solution is always use stand http webpage to activate the login page, ans it works well.

mozilla

Since more and more websites are migrating to HTTPS only, consider bookmarking NeverSSL which promises to "never" migrate to HTTPS.

This wouldn't be a cause for the transparency required error though.

NgatesSEA

+1. I also use 1.1.1.1 (type this address in your browser) to force a wifi login page when trying to access club, in-flight, hotel, etc. wifi.

tarheelnj

I almost always have to use this approach (1.1.1.1) with my laptop. My phone and tablet seem to pull up the login page without problems, usually.

jgreen1024

I work for a Wi-Fi company where we're commonly dealing with things like certificates and captive portals. The big problem here is the browser vendors being hyper-aggressive about applying new security "standards" without understanding/caring about the impact. Google thinks to themselves "Well we can just run a script that will instantly upgrade the server certificates on all our websites, so everyone else can just do it too." Then they change Chrome so it starts showing "insecure" messages for stupid little things - sometimes these days I can't even understand what it is the browser doesn't like, and I have a pretty good understanding of PKI.

Our customers, by and large, do NOT have a good understanding of PKI, and getting that captive portal certificate working in the first place may have taken them hours of experimentation. Then they promptly forget everything they learned as they go back to their usual job for three years until the certificate expires. But now, because of the browser vendors, that three year window sort of gets randomly interrupted and users start complaining. And if you've deployed, say, a global network in a couple hundred airports and you've distributed captive portal certificates to each location - well, you might have a huge amount of work to get them all replaced. (Most people with large networks like that use centralized portal servers, but I know of some where a central server just wasn't in the budget.)

I give high marks to Google for pushing the state of security along. But their way of operating can be very disruptive.

NgatesSEA

Good point - my iPhone and iPad do normally connect with less hassle than my laptop.

1P

Well, my Android phone and tablet do not. I am told that Google is not secure. Your options are limited to "Get me out of here", nothing else. I'd be quite happy to carry on, but am not allowed to do so. On the laptop, none of these problems ever occur.