captive portal shows a problem occurred the web page couldn't be loded

I am being told by some of our users that if/when you get the above error when trying to connect to a public WiFi network you go to your web browser e.g. Safari and type the following address in -

captive.apple.com

This gets past this problem and lets you successfully connect. This was at least the case with Mojave 10.14.2, I am getting a user to retest this with 10.14.3.

As I said, put a complete URL in the navigation bar. It does not matter what the URL is as long as it is publicly accessible. Depending on the hot spot you are trying to connect to this has worked the same way for years.

This appears to be being caused by a change made by Apple in Mojave compared to previous versions.

I get the impression this is part of an intended security improvement but Apple sadly do not provide details of most of the changes they make leaving it to users to discover and 'fix' the resulting problems. In this case I believe it is intended to help prevent users from connecting to 'fake' WiFi hot-spots that might be setup in public areas to 'entice' people to connect and allow the cyber-criminal to then eavesdrop on their Internet use.

From what I have found the new 'rules' Mojave are imposing are as follows.

• The captive portal must have a fully qualified domain name e.g. portal.domain.com
• The captive portal must use an SSL certificate
• The captive portal SSL certificate needs to be 'trusted'
• Since the SSL certificate needs to be trusted - typically by guest visitors you cannot realistically use a self-signed SSL certificate you therefore need to get a purchased certificate or possible use one generated via LetsEncrypt, these will automatically be trusted

In reality it seems at the moment a lot of captive portals are using self-signed certificates often generated by default and hence are not trusted by Mojave and hence are being blocked.

If a captive portal is setup based on the above rules it is regarded as less likely to be a fake one and hence Apple allow you to then use it.

Note: Whilst this is so far most affecting Macs running Mojave I believe newer versions of Android may also have started making a similar change for the same reason. If iOS has not yet done so almost certainly iOS 13 will.

Enter a complete url in your browser address bar and try to navigate to the page.

This might work (unlikely I would think) but is not a realistic solution since your average user goes to the WiFi menu selects the network name and it then automatically triggers the client device into visiting the captive portal web page. Expecting users to know how to manually enter a typically unknown URL to get round this is not going to work. (If you meant entering a standard web site address this will not work since the whole point of a captive portal is to force the user to typically register via that captive portal before they get given Internet access.)

For administrators running a guest WiFi in an office they should get their finger out and set it up properly.

In our case for road warriors I have proposed providing SkyRoam personal 4G/WiFi devices. See - https://www.skyroam.com

Enter a complete url in your browser address bar and try to navigate to the page.