+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 22
Wireless Networks Thread, SSL Certs - Ruckus & SmoothWall Devices. in Technical; Hi, Can anyone please advise what type of SSL Certificates I would require (with an indication of supplier/cost) to install ...
  1. #1

    Join Date
    Dec 2007
    Posts
    847
    Thank Post
    86
    Thanked 160 Times in 135 Posts
    Rep Power
    47

    SSL Certs - Ruckus & SmoothWall Devices.

    Hi,

    Can anyone please advise what type of SSL Certificates I would require (with an indication of supplier/cost) to install suitable SSL Certificates on our Ruckus and SmoothWall appliances?

    Using the builtin certificates are not a problem for our domain joined computers etc (as they use NTLM Authentication not SSL; and I know that I could push the certifciates out via GPO).
    The issue is with personal devices connected to the wireless.

    During the initial authentication process (Ruckus) it is yet another delay/prompt to accept and proceed with the unknown certificate etc.
    It's not a major issue, but it would be nice to streamline the whole authentication process.

    Thanks,

  2. #2
    StuartWhite's Avatar
    Join Date
    Sep 2008
    Location
    Ipswich
    Posts
    180
    Thank Post
    7
    Thanked 34 Times in 32 Posts
    Rep Power
    32
    You need to generate a CSR from the Ruckus ZD and get it signed by a CA.

    Thanks
    Stu

  3. #3

    Join Date
    Dec 2007
    Posts
    847
    Thank Post
    86
    Thanked 160 Times in 135 Posts
    Rep Power
    47
    Thanks Stu,

    Ruckus
    I've not purchased a SSL Cert before etc, what exact details do i enter, as I get the impression a full WWW URL domain is required to generate etc.
    The Ruckus is only accessible internally, so would be a internal IP address, or ruckus.{internal domain}.local at most.

    Any recommendations on type os certificate and/or supplier?


    Smoothwall
    Same scenario discussed here:
    http://www.edugeek.net/forums/smooth...ate-logon.html

    Many Thanks

  4. #4

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,020
    Thank Post
    212
    Thanked 1,163 Times in 758 Posts
    Blog Entries
    4
    Rep Power
    480
    For internal machines, yes a domain signed cert is fine.

    For external ones what you need is a cert that comes from a common trusted root CA. Personally we use goDaddy, but I know there's a few CAs offering free ssl certs for schools, a quick forum search should scare them up.

    Don't worry about the domain name being internal, the cert just says that the trusted ca says this site is who they claim to be.

  5. Thanks to Domino from:

    MYK-IT (31st January 2012)

  6. #5

    Join Date
    Dec 2007
    Posts
    847
    Thank Post
    86
    Thanked 160 Times in 135 Posts
    Rep Power
    47
    Thanks Domino,

    But I still don't quite grasp exactly what I require.. just been to godaddy website and they have:

    • Standard SSL
      Single Domain
      Multiple Domains
      Single Domains with Unlimited Sub Domains (wildcard)


    Initially I require a SSL Certificate for both Ruckus and SmoothWall so that users don't have to keep accepting the certificate from each product when logging onto the wireless etc.

    Long term, a SLL Certificate for future projects like HAP+ and Moodle etc would be required (I assume this would be a different set of certificates?)

  7. #6

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,020
    Thank Post
    212
    Thanked 1,163 Times in 758 Posts
    Blog Entries
    4
    Rep Power
    480
    Stuart will tell you definitively, but I don't think the ZD will accept a SAN cert, as it wants it's own from a CSR.

    So really you'd want two Standard ssl certs, one for the zd and one for the smoothwall. then future projects like HAP+ and Moodle may be able to be under a wildcard cert for external publishing :-)

  8. #7
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    Yorkshire
    Posts
    707
    Thank Post
    71
    Thanked 145 Times in 116 Posts
    Rep Power
    58
    We used IPS CA for our ruckus certificate. Free 2 year cert for education... SSL Certificate Authority low-cost, fully-validated 38$ SSL and 276$ Wildcard Certificates

    In your ZD go to Configure - Certificate. Fill in the info and click Apply. This generates a CR (certificate request) and use this file on the IPS CA website (or as @Domino suggests, there are plenty of others) then they will generate a certificate for you.

  9. Thanks to IrritableTech from:

    MYK-IT (31st January 2012)

  10. #8

    Join Date
    Dec 2007
    Posts
    847
    Thank Post
    86
    Thanked 160 Times in 135 Posts
    Rep Power
    47
    Update:
    I've created a SSL Cert with IPS CA, after generating a CR with ZoneDirector.
    The SSL Cert has been installed and the ZoneDirector rebooted

    The instructions from IPS CA state about installing additional certificates (from their website) onto our webserver.
    Not sure of this; as instructions mention IIS etc, and this is for Ruckus Authentication before you get Internet access but i I added their 'bundle pack' into SmoothWall CA Cert section all the same.

    Tried to access https://{url} and the web browser still state:

    There is a problem with this website's security certificate.
    The security certificate presented by this website was not issued by a trusted certificate authority.
    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

    Sorry for being a noob.

  11. #9
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    Yorkshire
    Posts
    707
    Thank Post
    71
    Thanked 145 Times in 116 Posts
    Rep Power
    58
    Oh yes I remember this now....

    I think I installed the certificate into a browser, and the additional ones. Then I exported the whole certificate into one file which could be imported to the ZD...

    Let me have another look to see if I made any notes.

  12. Thanks to IrritableTech from:

    MYK-IT (31st January 2012)

  13. #10
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    Yorkshire
    Posts
    707
    Thank Post
    71
    Thanked 145 Times in 116 Posts
    Rep Power
    58
    This page... http://certs.ipsca.com/Support/CSRBarracuda.asp suggests you might just be able to copy and paste the text from the different certificates into one file in the format

    Code:
    -----BEGIN CERTIFICATE-----
    (the signed certificate, several lines of indecipherable text with no spaces)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (the intermediate certificate, several lines of indecipherable text with no spaces)
    -----END CERTIFICATE-----
    If that doesn't work for you, I'll do some more digging.

  14. #11
    SwedishChef's Avatar
    Join Date
    Apr 2006
    Location
    Plymouth
    Posts
    114
    Thank Post
    14
    Thanked 11 Times in 8 Posts
    Rep Power
    18
    Did you get this sorted, I'm looking to do the same.

    Quote Originally Posted by MYK-IT View Post
    Update:
    I've created a SSL Cert with IPS CA, after generating a CR with ZoneDirector.
    The SSL Cert has been installed and the ZoneDirector rebooted

    The instructions from IPS CA state about installing additional certificates (from their website) onto our webserver.
    Not sure of this; as instructions mention IIS etc, and this is for Ruckus Authentication before you get Internet access but i I added their 'bundle pack' into SmoothWall CA Cert section all the same.

    Tried to access https://{url} and the web browser still state:

    There is a problem with this website's security certificate.
    The security certificate presented by this website was not issued by a trusted certificate authority.
    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

    Sorry for being a noob.

  15. #12

    Join Date
    Dec 2007
    Posts
    847
    Thank Post
    86
    Thanked 160 Times in 135 Posts
    Rep Power
    47
    Hi @SwedishChef,

    Spooky, I was just about to update this thread to say (to @IrritableTech) that I still haven't managed to get this working.

    It is quite an inconvenience for (BYOD) users to click the various security warning prompts etc whilst attempting to authenticate etc.

    Not very slick!

    @IrritableTech, did you manage to dig out your notes? (the one importing various certificates into web browser and exporting a combined one etc?)

    Many Thanks
    Last edited by MYK-IT; 23rd February 2012 at 05:33 PM.

  16. #13
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    Yorkshire
    Posts
    707
    Thank Post
    71
    Thanked 145 Times in 116 Posts
    Rep Power
    58
    Sorry no.

    I'm just about to do the same thing on a ruckus controller in one of our primaries. I will get back to you.... perhaps even today...

  17. #14

    Join Date
    Dec 2007
    Posts
    847
    Thank Post
    86
    Thanked 160 Times in 135 Posts
    Rep Power
    47
    I am still failing to get my head around this!

    I'm also still struggling with a SSL Cert for SmoothWall as well! SmoothWall suggest I need a 'website certificate'?

    I am assuming that many Edugeeker's have successfully configured and installed SSL Certs for Ruckus / SmoothWall and they wouldn't mind spending 5 mins to share their most sought after knowledge

    Many Thanks.

  18. #15
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    Yorkshire
    Posts
    707
    Thank Post
    71
    Thanked 145 Times in 116 Posts
    Rep Power
    58
    Just about to look at this again. It seems the certificate we got issued for our partner primary did not contain the correct information (our fault, our certificate request was wrong), so I'm waiting for the new one to come back.

    Looking at things again. I don't think you should need to include the ipsCA GLOBAL CA ROOT certificate because that one should be in devices anyway (as long as they are all kept reasonably up-to-date). It might just be that you need to create a cert with the level 1 certificate, and your certificate.

    I hope to remote into the school this afternoon and attempt to sort out the controller. If I get it working, I will let you know.

  19. Thanks to IrritableTech from:

    MYK-IT (27th February 2012)

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. ISA 2004 and SSL certs
    By wesleyw in forum Windows
    Replies: 11
    Last Post: 13th November 2008, 03:37 PM
  2. Replies: 7
    Last Post: 4th August 2008, 01:50 PM
  3. Replies: 1
    Last Post: 18th April 2008, 09:31 AM
  4. Error with NEW SSL Cert in OWA
    By ICTNUT in forum Windows
    Replies: 3
    Last Post: 15th November 2007, 08:35 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •