+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 22 of 22
Wireless Networks Thread, SSL Certs - Ruckus & SmoothWall Devices. in Technical; Originally Posted by MYK-IT I am still failing to get my head around this! I'm also still struggling with a ...
  1. #16

    Join Date
    Oct 2007
    Location
    Northamptonshire
    Posts
    310
    Thank Post
    20
    Thanked 80 Times in 68 Posts
    Rep Power
    43
    Quote Originally Posted by MYK-IT View Post
    I am still failing to get my head around this!

    I'm also still struggling with a SSL Cert for SmoothWall as well! SmoothWall suggest I need a 'website certificate'?

    I am assuming that many Edugeeker's have successfully configured and installed SSL Certs for Ruckus / SmoothWall and they wouldn't mind spending 5 mins to share their most sought after knowledge

    Many Thanks.
    I haven't done this with our Smoothwall server yet but I have done this for our Ruckus controller without any issues. I used StartSSL for the SSL Certificate.

    It was while since I did it but it but it something along the lines of:

    • Re-generate private key length to 2048 bits as StartSSL will not accept anything lower - Zonedirector will reboot at this point
    • Create a new certificate request on Zonedirector and then import that to StartSSL
    • Import Signed Certificate into Zonedirector and then I think it gives you the option to import an intermediate certificate which I did
    • The ZoneDirector will then reboot and hopefully you'll no longer have Certificate warnings



    So possibly all you need to do re-import the signed certificate and then import the intermediate certificate before rebooting.

  2. Thanks to Ashm from:

    MYK-IT (27th February 2012)

  3. #17

    Join Date
    Dec 2007
    Posts
    864
    Thank Post
    90
    Thanked 164 Times in 139 Posts
    Rep Power
    49
    Thanks Ashm,

    I may have to restart from scratch then, as I had not changed from the default 1024 bit key.

    When I get a chance i'll try again,

    Many Thanks

  4. #18

    Join Date
    Oct 2007
    Location
    Northamptonshire
    Posts
    310
    Thank Post
    20
    Thanked 80 Times in 68 Posts
    Rep Power
    43
    No probs, you may not need to change from 1024 bit. When you originally imported the certificate request to ipsCA it would have come up with an error saying it requires a 2048 bit key length.

  5. #19
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    West Yorkshire
    Posts
    792
    Thank Post
    83
    Thanked 171 Times in 140 Posts
    Rep Power
    64
    OK, sorry for the late reply MYK-IT

    We've just tried and tested this on one of our ruckus controllers.

    • We have created a DNS entry for our controller - wifi.example.local which obviously points to the correct I.P. address.
    • We filled in a certificate request on the controller including the Common Name: wifi.example.local and ensuring all other fields were accurate.
    • Using the generated file, we applied for a free 2 year edu certificate from ipsCA, once again taking care with the form.
    • Once we received the certificate email, we copied the full certificate text, into a new text document.
    • We then downloaded the Bundle Certificate from here.
    • Using notepad we copied the full text from the bundle file into our new file in the following format.



    Code:
    -----BEGIN CERTIFICATE-----
    (Your personal signed certificate - wifi.example.local)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (the intermediate certificate - the first section of the Bundle File - First line - MIIF8TCCBNmgAwIBAgIUEAAAAAAAAAAAAAAAAAAAAAAAACMwDQYJKoZIhvcNAQEF)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (the global authority certificate - the second section of the Bundle File - First Line MIIGBzCCBO+gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBsjELMAkGA1UEBhMCRVMx)
    -----END CERTIFICATE-----
    • We then saved this text file as wifi.example.local.cer and uploaded this to our controller.



    Hopefully that helps?

  6. Thanks to IrritableTech from:

    MYK-IT (1st March 2012)

  7. #20
    SwedishChef's Avatar
    Join Date
    Apr 2006
    Location
    Plymouth
    Posts
    115
    Thank Post
    15
    Thanked 11 Times in 8 Posts
    Rep Power
    18
    OK, I have emailed net-ctrl they are going to confirm with Ruckus if I can imported a cert from gogdady which I had from a CSR generated on my exchange 2010 box.

  8. #21
    eduabncs's Avatar
    Join Date
    Aug 2005
    Location
    somewhere in the midlands
    Posts
    394
    Thank Post
    31
    Thanked 21 Times in 19 Posts
    Rep Power
    28
    Janet offer free SSL Certs to schools via your LEA or RBC. JCS School Extension
    Last edited by eduabncs; 6th March 2012 at 01:47 PM.

  9. #22
    OverWorked's Avatar
    Join Date
    Jul 2005
    Location
    N. Yorks
    Posts
    1,013
    Thank Post
    198
    Thanked 42 Times in 34 Posts
    Rep Power
    30
    I'm just going through the same process: adding certificates to Ruckus ZD and Smoothwall to eliminate certificate errors when users bring in their own devices.

    I've completed the Ruckus ZD stage, now struggling with Smoothwall.

    I bought a RapidSSL wildcard certificate from trustico for our external domain. (e.g *.school.sch.uk). You don't need to generate a CSR from a server to do this.

    From the vendor's website, I downloaded the certificate text file (just change the file extension from .txt to .cer), the private key text file (which I couldn't do anything useful with), and (I think) a .pfx file. I may have generated the .pfx file myself a few months ago after importing the private key and certificate into IIS - I can't remember.

    I used OpenSSL to extract a private key (.pem) from the .pfx file and used OpenSSL again to remove the password from the private key. This gave me the two files I needed to import into ZD:-

    the certificate (.cer)
    the private key (.pem)

    Import the .cer certificate file first. Because it doesn't match the ZD's private key, ZD will ask for the corresponding private key. Give it the private key, and then give it the certificate again.

    ZD will reboot and all should be good.

    This actually took me several attempts to get right, but worked in the end.

    I recommend getting a wildcard cert if you're going to install on several servers - it's cheaper and less hassle in the long run.

    Tips : Using openssl to extract private key ( .pem file) from .pfx (Personal Information Exchange) Cycure

    That's the Ruckus ZD stage done. Can anyone help me and the OP with putting a certificate into Smoothwall, and getting clients to redirect to the Smoothwall's FQDN instead of the IP addfress, so the address matches the certificate?

    Thanks.
    Last edited by OverWorked; 24th May 2012 at 04:41 PM.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. ISA 2004 and SSL certs
    By wesleyw in forum Windows
    Replies: 11
    Last Post: 13th November 2008, 03:37 PM
  2. Replies: 7
    Last Post: 4th August 2008, 01:50 PM
  3. Replies: 1
    Last Post: 18th April 2008, 09:31 AM
  4. Error with NEW SSL Cert in OWA
    By ICTNUT in forum Windows
    Replies: 3
    Last Post: 15th November 2007, 08:35 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •