Why am I getting no redirect to the BSC's login page with Windows 7 clients?

Version 1

    Q: Why am I getting no redirect to the BSC's login page with Windows 7 clients?

     

    A: Allow HTTP outgoing to the OCSP and CRL urls of your SSL certificate in the un-registered role.

    The default behavior of many of the browsers today for example Windows 7 with IE8 is if it cannot check the validity of the SSL certificate it considers it invalid. The unfortunate thing is the browser does not display a message or anything to indicate it could not validate the certificate it simply just doesn't display a page or displays a generic page cannot be displayed message. Before a client is authenticated they are placed in the un-registered role. By default the un-registered role only allows DNS outgoing therefore the browser is unable to check the validity of the certificate and doesn't redirect to the login page.

     

    If you go to web logins>ssl certificate on the right hand side you will see the properties of your certificate. There you should see the OCSP (Online Certificate Status Protocol) or CRL (Certificate Revocation List) urls. You may see one or both depending on the certificate. The browser uses these to check the validity of the certificate.

     

    Go to user roles>roles>click to edit the un-registered role>policies and allow HTTP to the OCSP and CRL urls. It is recommended you upgrade to a minimum of 6.5.1.03 before allowing HTTP to the urls as this software release introduces destination hostnames to account for the multiple ip addresses that may resolve to a host name.