In an Out-Of-Band Edge architecture, the user device will request both the Edge and the central controllers.
As described in the flow diagram of Out-Of-Band Edge documentation, the user will:
- firstly be redirected to the captive portal of the Edge
- that will redirect the user to the captive portal of the Central (the customer then enters his credentials)
- If accepted by the central controller, the user device will send a last message to the Edge controller so that it gets locally connected
Because the user device will commmunicate with both Edge and central controllers, and in order to avoid any security alert on the user browser, the Edge and central controllers must have different domain names, each certified by a public certificate (and not self-signed).
While the Edge controllers can keep the default domain name and certificates, you need to define a new domain name on the central controller and buy and install the matching certificate on the central controller.
For more information about how to generate new certificates, you can refer to the article on customized certificates.