SSL Certs - Ruckus & SmoothWall Devices.

[MYK-IT]

Hi,

Can anyone please advise what type of SSL Certificates I would require (with an indication of supplier/cost) to install suitable SSL Certificates on our Ruckus and SmoothWall appliances?

Using the builtin certificates are not a problem for our domain joined computers etc (as they use NTLM Authentication not SSL; and I know that I could push the certifciates out via GPO).
The issue is with personal devices connected to the wireless.

During the initial authentication process (Ruckus) it is yet another delay/prompt to accept and proceed with the unknown certificate etc.
It's not a major issue, but it would be nice to streamline the whole authentication process.

Thanks,

[StuartWhite]

You need to generate a CSR from the Ruckus ZD and get it signed by a CA.

Thanks
Stu

[MYK-IT]

Thanks Stu,

Ruckus
I've not purchased a SSL Cert before etc, what exact details do i enter, as I get the impression a full WWW URL domain is required to generate etc.
The Ruckus is only accessible internally, so would be a internal IP address, or ruckus.{internal domain}.local at most.

Any recommendations on type os certificate and/or supplier?


Smoothwall
Same scenario discussed here:
http://www.edugeek.net/forums/smooth...ate-logon.html

Many Thanks

[Domino]

For internal machines, yes a domain signed cert is fine.

For external ones what you need is a cert that comes from a common trusted root CA. Personally we use goDaddy, but I know there's a few CAs offering free ssl certs for schools, a quick forum search should scare them up.

Don't worry about the domain name being internal, the cert just says that the trusted ca says this site is who they claim to be.

[MYK-IT]

Thanks Domino,

But I still don't quite grasp exactly what I require.. just been to godaddy website and they have:

• Standard SSL
  Single Domain
  Multiple Domains
  Single Domains with Unlimited Sub Domains (wildcard)

Initially I require a SSL Certificate for both Ruckus and SmoothWall so that users don't have to keep accepting the certificate from each product when logging onto the wireless etc.

Long term, a SLL Certificate for future projects like HAP+ and Moodle etc would be required (I assume this would be a different set of certificates?)

[Domino]

Stuart will tell you definitively, but I don't think the ZD will accept a SAN cert, as it wants it's own from a CSR.

So really you'd want two Standard ssl certs, one for the zd and one for the smoothwall. then future projects like HAP+ and Moodle may be able to be under a wildcard cert for external publishing :-)

[IrritableTech]

We used IPS CA for our ruckus certificate. Free 2 year cert for education... SSL Certificate Authority low-cost, fully-validated 38$ SSL and 276$ Wildcard Certificates

In your ZD go to Configure - Certificate. Fill in the info and click Apply. This generates a CR (certificate request) and use this file on the IPS CA website (or as @Domino suggests, there are plenty of others) then they will generate a certificate for you.

[MYK-IT]

Update:
I've created a SSL Cert with IPS CA, after generating a CR with ZoneDirector.
The SSL Cert has been installed and the ZoneDirector rebooted

The instructions from IPS CA state about installing additional certificates (from their website) onto our webserver.
Not sure of this; as instructions mention IIS etc, and this is for Ruckus Authentication before you get Internet access but i I added their 'bundle pack' into SmoothWall CA Cert section all the same.

Tried to access https://{url} and the web browser still state:

There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

Sorry for being a noob.

[IrritableTech]

Oh yes I remember this now....

I think I installed the certificate into a browser, and the additional ones. Then I exported the whole certificate into one file which could be imported to the ZD...

Let me have another look to see if I made any notes.

[IrritableTech]

This page... http://certs.ipsca.com/Support/CSRBarracuda.asp suggests you might just be able to copy and paste the text from the different certificates into one file in the format

Code:

-----BEGIN CERTIFICATE-----
(the signed certificate, several lines of indecipherable text with no spaces)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(the intermediate certificate, several lines of indecipherable text with no spaces)
-----END CERTIFICATE-----

If that doesn't work for you, I'll do some more digging.

[SwedishChef]

Did you get this sorted, I'm looking to do the same.

Update:
I've created a SSL Cert with IPS CA, after generating a CR with ZoneDirector.
The SSL Cert has been installed and the ZoneDirector rebooted

The instructions from IPS CA state about installing additional certificates (from their website) onto our webserver.
Not sure of this; as instructions mention IIS etc, and this is for Ruckus Authentication before you get Internet access but i I added their 'bundle pack' into SmoothWall CA Cert section all the same.

Tried to access https://{url} and the web browser still state:

There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

Sorry for being a noob.

[MYK-IT]

Hi @SwedishChef,

Spooky, I was just about to update this thread to say (to @IrritableTech) that I still haven't managed to get this working.

It is quite an inconvenience for (BYOD) users to click the various security warning prompts etc whilst attempting to authenticate etc.

Not very slick!

@IrritableTech, did you manage to dig out your notes? (the one importing various certificates into web browser and exporting a combined one etc?)

Many Thanks

[IrritableTech]

Sorry no.

I'm just about to do the same thing on a ruckus controller in one of our primaries. I will get back to you.... perhaps even today...

[MYK-IT]

I am still failing to get my head around this!

I'm also still struggling with a SSL Cert for SmoothWall as well! SmoothWall suggest I need a 'website certificate'?

I am assuming that many Edugeeker's have successfully configured and installed SSL Certs for Ruckus / SmoothWall and they wouldn't mind spending 5 mins to share their most sought after knowledge

Many Thanks.

[IrritableTech]

Just about to look at this again. It seems the certificate we got issued for our partner primary did not contain the correct information (our fault, our certificate request was wrong), so I'm waiting for the new one to come back.

Looking at things again. I don't think you should need to include the ipsCA GLOBAL CA ROOT certificate because that one should be in devices anyway (as long as they are all kept reasonably up-to-date). It might just be that you need to create a cert with the level 1 certificate, and your certificate.

I hope to remote into the school this afternoon and attempt to sort out the controller. If I get it working, I will let you know.