Wifi trouble in the United Club?
#1
Original Poster
Join Date: Apr 2007
Location: USA
Programs: 1K 1MM; Bonvoy Ambassador; Nat'l EE; Hertz PC; Hyatt Globalist
Posts: 2,465
Wifi trouble in the United Club?
I've had an huge increase in troubles connecting to wifi in the United Club recently. Chrome thinks the page is insecure, IE hates it too, Edge complains, the only thing that will work reliably to sign-in is Opera.
I work in IT, so it's not like I'm a complete moron when it comes to these things. I noticed the SSL cert that UA has on the portal page does expire on 7/25, but that shouldn't stop things from working today.
Yes it's a petty complaint, but it should _just work_ and it doesn't. And it's annoying to spend 2-3 more minutes of an already short layover trying to get on the damn wifi to send some emails.
Has anybody else had this issue?
I work in IT, so it's not like I'm a complete moron when it comes to these things. I noticed the SSL cert that UA has on the portal page does expire on 7/25, but that shouldn't stop things from working today.
Yes it's a petty complaint, but it should _just work_ and it doesn't. And it's annoying to spend 2-3 more minutes of an already short layover trying to get on the damn wifi to send some emails.
Has anybody else had this issue?
#2
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, Hilton Diamond, Marriott Something, IHG Gold, Hertz PC, Avis PC
Posts: 8,156
The error you're getting is "NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED" - Google it (and ignore the references to Symantec which is an old/different problem) and you'll find lots of information on it, most of which the average person will have little hope of understanding.
In simple terms, yes, it's broken. It's been like it for months, and UA can (but haven't yet) fixed it. Hopefully when they renew their cert in coming weeks (presuming they remember to do so - Turkish Airlines forgot and their onboard wifi was returning errors for a few weeks as a result!) they will do it right and the error will stop.
I haven't actually bothered checking their club certificate, but I suspect it's got more to do with the fact that your browser can't get to the CT site to actually check (due to the captive portal) rather than the CT not being setup correctly, but I could be wrong.
In simple terms, yes, it's broken. It's been like it for months, and UA can (but haven't yet) fixed it. Hopefully when they renew their cert in coming weeks (presuming they remember to do so - Turkish Airlines forgot and their onboard wifi was returning errors for a few weeks as a result!) they will do it right and the error will stop.
I haven't actually bothered checking their club certificate, but I suspect it's got more to do with the fact that your browser can't get to the CT site to actually check (due to the captive portal) rather than the CT not being setup correctly, but I could be wrong.
#4
Join Date: Dec 2011
Location: YYZ
Programs: UA1K MM, JL JMB SAPPHIRE, Marriott Titanium/LTP, Hilton Diamond
Posts: 1,267
I believe the "insecure" message you got is because of you typed in an url with https ecryption, then cause certificate mis-match when you are redirected the wifi portal.
My solution is always use stand http webpage to activate the login page, ans it works well.
My solution is always use stand http webpage to activate the login page, ans it works well.
#6
Join Date: Jul 2007
Location: USA
Programs: UA 1K/*G, Hyatt Globalist, Bonvoy BS, Hertz & Avis Pres
Posts: 653
+1. I also use 1.1.1.1 (type this address in your browser) to force a wifi login page when trying to access club, in-flight, hotel, etc. wifi.
#7
Join Date: Feb 2010
Location: New Jersey
Programs: UA MM 1K, AA MM Gold, Marriott LT Platinum
Posts: 3,235
I almost always have to use this approach (1.1.1.1) with my laptop. My phone and tablet seem to pull up the login page without problems, usually.
#8
Join Date: Oct 2006
Location: IAD
Programs: UA 1K 2MM, Hilton Diamond
Posts: 565
I work for a Wi-Fi company where we're commonly dealing with things like certificates and captive portals. The big problem here is the browser vendors being hyper-aggressive about applying new security "standards" without understanding/caring about the impact. Google thinks to themselves "Well we can just run a script that will instantly upgrade the server certificates on all our websites, so everyone else can just do it too." Then they change Chrome so it starts showing "insecure" messages for stupid little things - sometimes these days I can't even understand what it is the browser doesn't like, and I have a pretty good understanding of PKI.
Our customers, by and large, do NOT have a good understanding of PKI, and getting that captive portal certificate working in the first place may have taken them hours of experimentation. Then they promptly forget everything they learned as they go back to their usual job for three years until the certificate expires. But now, because of the browser vendors, that three year window sort of gets randomly interrupted and users start complaining. And if you've deployed, say, a global network in a couple hundred airports and you've distributed captive portal certificates to each location - well, you might have a huge amount of work to get them all replaced. (Most people with large networks like that use centralized portal servers, but I know of some where a central server just wasn't in the budget.)
I give high marks to Google for pushing the state of security along. But their way of operating can be very disruptive.
Our customers, by and large, do NOT have a good understanding of PKI, and getting that captive portal certificate working in the first place may have taken them hours of experimentation. Then they promptly forget everything they learned as they go back to their usual job for three years until the certificate expires. But now, because of the browser vendors, that three year window sort of gets randomly interrupted and users start complaining. And if you've deployed, say, a global network in a couple hundred airports and you've distributed captive portal certificates to each location - well, you might have a huge amount of work to get them all replaced. (Most people with large networks like that use centralized portal servers, but I know of some where a central server just wasn't in the budget.)
I give high marks to Google for pushing the state of security along. But their way of operating can be very disruptive.
#9
Join Date: Jul 2007
Location: USA
Programs: UA 1K/*G, Hyatt Globalist, Bonvoy BS, Hertz & Avis Pres
Posts: 653
#10
Join Date: Apr 2000
Location: LAX and LHR. UA lifetime Gold 1.9MM 1K , DL Gold Medallion, HHonors Gold, Marriott Gold, Avis President's Club
Posts: 3,592
Well, my Android phone and tablet do not. I am told that Google is not secure. Your options are limited to "Get me out of here", nothing else. I'd be quite happy to carry on, but am not allowed to do so. On the laptop, none of these problems ever occur.