+ Post New Thread
Results 1 to 10 of 10
Internet Related/Filtering/Firewall Thread, RUCKUS - Can I switch Zonedirector to use http rather than https in Technical; ...
  1. #1
    BatchFile's Avatar
    Join Date
    Aug 2007
    Location
    Cumbria
    Posts
    963
    Thank Post
    550
    Thanked 129 Times in 107 Posts
    Rep Power
    60

    RUCKUS - Can I switch Zonedirector to use http rather than https

    Just putting my toe in the water coming up with a BYOD system and I want Ruckus to authenticate with AD - that works fine in itself; the annoying bit is that, just like when I log in to the ZD management interface, a certificate error is generated every time with associated scary (for users) warnings.

    I don’t want to faff about spending £260 on a SSL certificate, but I don’t want anyone logging in to get certificate errors either; ZD's online help says:

    “If you use HTTPS to connect to the ZoneDirector Web interface, a security warning appears every time you connect to the Web interface.”
    the “If” in that suggests it should be possible not to use https… where do I switch it off please?

  2. #2

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    351
    260 quid for a SSL cert? you can get them for free in education!

  3. Thanks to glennda from:

    BatchFile (4th July 2012)

  4. #3
    BatchFile's Avatar
    Join Date
    Aug 2007
    Location
    Cumbria
    Posts
    963
    Thank Post
    550
    Thanked 129 Times in 107 Posts
    Rep Power
    60
    Where? where? where?!

  5. #4

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    351
    SSL Certificates SSL Wildcard SSL Free Certificates SSL Server Certificate 256 bits

    Are you going to be using an Internal Hostname though? or Internal IP to redirect?

    You would need the hostname to be correct if the cert is to work. Alternatively you can setup a external hostname but connect to the internal address via setting up a zone for it on your DNS server.

  6. 2 Thanks to glennda:

    BatchFile (4th July 2012), DavidYoung (4th July 2012)

  7. #5
    BatchFile's Avatar
    Join Date
    Aug 2007
    Location
    Cumbria
    Posts
    963
    Thank Post
    550
    Thanked 129 Times in 107 Posts
    Rep Power
    60
    It'd still be much simpler to just turn HTTPS off, so if anyone knows how to do it while I'm figuring the certificate stuff out, please say!

  8. #6

    Join Date
    Nov 2011
    Location
    Kingston Upon Thames
    Posts
    38
    Thank Post
    2
    Thanked 15 Times in 13 Posts
    Rep Power
    12
    Quote Originally Posted by glennda View Post
    Alternatively you can setup a external hostname but connect to the internal address via setting up a zone for it on your DNS server.
    Good idea, I'd wanted to do this for a while, but since we are all .local domains which can't be validated by any CA, we didn't think we could. I've submitted a request for our public domain, and if that works will setup an internal zone. Quick question, the zone should be the entire DNS name right, e.g. ruckus.domainname.org rather than just the domainname.org to allow everything else on that domain to still work?

    Thanks.
    David

  9. #7

    Join Date
    Nov 2011
    Location
    Kingston Upon Thames
    Posts
    38
    Thank Post
    2
    Thanked 15 Times in 13 Posts
    Rep Power
    12
    Quote Originally Posted by BatchFile View Post
    It'd still be much simpler to just turn HTTPS off, so if anyone knows how to do it while I'm figuring the certificate stuff out, please say!
    Much simpler, but you may as well just tell everyone to shout their username and passwords across the playground. The reason why the login page needs to be HTTPS is that the WiFi network you will be connecting to would be unsecure, so you need the security to protect your AD credentials.

  10. #8
    BatchFile's Avatar
    Join Date
    Aug 2007
    Location
    Cumbria
    Posts
    963
    Thank Post
    550
    Thanked 129 Times in 107 Posts
    Rep Power
    60
    Quote Originally Posted by DavidYoung View Post
    but you may as well just tell everyone to shout their username and passwords across the playground.
    They do that anyway!

    Point taken though...

  11. #9

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    351
    Quote Originally Posted by DavidYoung View Post
    Good idea, I'd wanted to do this for a while, but since we are all .local domains which can't be validated by any CA, we didn't think we could. I've submitted a request for our public domain, and if that works will setup an internal zone. Quick question, the zone should be the entire DNS name right, e.g. ruckus.domainname.org rather than just the domainname.org to allow everything else on that domain to still work?

    Thanks.
    David
    Yes just setup the zone as that then when create the record leave the name blank and just put in the IP it will then give it <same as parent> as the name - similar to what you see for DC's in an AD zone.

  12. #10

    Join Date
    Nov 2011
    Location
    Kingston Upon Thames
    Posts
    38
    Thank Post
    2
    Thanked 15 Times in 13 Posts
    Rep Power
    12
    Quote Originally Posted by glennda View Post
    Yes just setup the zone as that then when create the record leave the name blank and just put in the IP it will then give it <same as parent> as the name - similar to what you see for DC's in an AD zone.

    Thanks, I thought so. Thats setup on DNS, got certificate by email, just waiting until downtime to apply it.



SHARE:
+ Post New Thread

Similar Threads

  1. Firefox can't log in to https sites
    By jamin100 in forum General Chat
    Replies: 8
    Last Post: 20th May 2014, 12:58 PM
  2. Replies: 1
    Last Post: 23rd April 2012, 11:28 PM
  3. Live@edu - Can I continue to use existing email service until roll-out complete?
    By sadams1980 in forum Internet Related/Filtering/Firewall
    Replies: 1
    Last Post: 17th February 2011, 11:48 AM
  4. How to use the quiet silent switch to deploy software through group policy
    By thom in forum Network and Classroom Management
    Replies: 5
    Last Post: 13th August 2008, 06:31 PM
  5. Parental Consent to use the internet at school
    By mark in forum School ICT Policies
    Replies: 20
    Last Post: 24th June 2005, 12:18 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •