I haven't done this with our Smoothwall server yet but I have done this for our Ruckus controller without any issues. I used StartSSL for the SSL Certificate.
Originally Posted by MYK-IT
It was a while since I did it, but it was something along the lines of:
- Re-generate private key length to 2048 bits as StartSSL will not accept anything lower - ZoneDirector will reboot at this point
- Create a new certificate request on ZoneDirector and then import that to StartSSL
- Import Signed Certificate into ZoneDirector and then I think it gives you the option to import an intermediate certificate, which I did
- The ZoneDirector will then reboot and hopefully you'll no longer have Certificate warnings
So possibly all you need to do is re-import the signed certificate and then import the intermediate certificate before rebooting.
I may have to restart from scratch then, as I had not changed from the default 1024 bit key.
When I get a chance I'll try again.
No probs, you may not need to change from 1024 bit. When you originally imported the certificate request to ipsCA it would have come up with an error saying it requires a 2048 bit key length.
OK, sorry for the late reply MYK-IT
We've just tried and tested this on one of our Ruckus controllers.
- We have created a DNS entry for our controller - wifi.example.local which obviously points to the correct I.P. address.
- We filled in a certificate request on the controller including the Common Name: wifi.example.local and ensuring all other fields were accurate. :D
- Using the generated file, we applied for a free 2 year edu certificate from ipsCA, once again taking care with the form.
- Once we received the certificate email, we copied the full certificate text into a new text document.
- We then downloaded the Bundle Certificate from here.
- Using Notepad we copied the full text from the bundle file into our new file in the following format:
(Your personal signed certificate - wifi.example.local)
(the intermediate certificate - the first section of the Bundle File - First line - MIIF8TCCBNmgAwIBAgIUEAAAAAAAAAAAAAAAAAAAAAAAACMwDQYJKoZIhvcNAQEF)
(the global authority certificate - the second section of the Bundle File - First Line MIIGBzCCBO+gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBsjELMAkGA1UEBhMCRVMx)
- We then saved this text file as wifi.example.local.cer and uploaded this to our controller.
Hopefully that helps?
OK, I have emailed net-ctrl; they are going to confirm with Ruckus if I can import a cert from GoDaddy, which I had from a CSR generated on my Exchange 2010 box.
Janet offer free SSL Certs to schools via your LEA or RBC. JCS School Extension
I'm just going through the same process: adding certificates to Ruckus ZD and Smoothwall to eliminate certificate errors when users bring in their own devices.
I've completed the Ruckus ZD stage, now struggling with Smoothwall.
I bought a RapidSSL wildcard certificate from Trustico for our external domain (e.g. *.school.sch.uk). You don't need to generate a CSR from a server to do this.
From the vendor's website, I downloaded the certificate text file (just change the file extension from .txt to .cer), the private key text file (which I couldn't do anything useful with), and (I think) a .pfx file. I may have generated the .pfx file myself a few months ago after importing the private key and certificate into IIS - I can't remember.
I used OpenSSL to extract a private key (.pem) from the .pfx file and used OpenSSL again to remove the password from the private key. This gave me the two files I needed to import into ZD:-
the certificate (.cer)
the private key (.pem)
Import the .cer certificate file first. Because it doesn't match the ZD's private key, ZD will ask for the corresponding private key. Give it the private key, and then give it the certificate again.
ZD will reboot and all should be good.
This actually took me several attempts to get right, but worked in the end.
I recommend getting a wildcard cert if you're going to install on several servers - it's cheaper and less hassle in the long run.
Tips : Using openssl to extract private key ( .pem file) from .pfx (Personal Information Exchange) « Cycure
That's the Ruckus ZD stage done. Can anyone help me and the OP with putting a certificate into Smoothwall, and getting clients to redirect to the Smoothwall's FQDN instead of the IP address, so the address matches the certificate?
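
Added example, not part of the thread and not any poster's own commands: the .pfx extraction described above, followed by a check that the extracted key really belongs to the certificate before the pair is uploaded. It assumes the OpenSSL command-line tool is installed; the function names, file names and the password `constructed` are made up for the demonstration, and the certificate is a throwaway self-signed one.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): confirm that a key pulled out of a .pfx
# matches the certificate before uploading both. Files/passwords are constructed.
set -eu
umask 077   # keep extracted private keys unreadable by other users

# SHA-256 of the DER public key embedded in a certificate.
cert_pubkey_hash() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 | awk '{print $NF}'
}
# SHA-256 of the DER public key derived from a private key file.
key_pubkey_hash() {
  openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}
# Succeeds only when certificate ($1) and private key ($2) belong together.
key_matches_cert() { [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]; }

# Pull the (still encrypted) key out of a .pfx, then write a password-less copy.
# Args: pfx file, pfx password, output key file. "pass:" is visible in the
# process list; use "file:" or "env:" sources on a shared machine.
extract_key_from_pfx() {
  enc="$(mktemp)"
  openssl pkcs12 -in "$1" -nocerts -passin "pass:$2" -passout "pass:$2" -out "$enc" 2>/dev/null
  openssl pkey -in "$enc" -passin "pass:$2" -out "$3"
  rm -f "$enc"
}

# Constructed test material: self-signed cert, its .pfx, and an unrelated key.
make_demo_files() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/orig.pem" 2>/dev/null
  openssl req -x509 -new -key "$1/orig.pem" -subj "/CN=wifi.example.local" -days 1 -out "$1/site.cer"
  openssl pkcs12 -export -inkey "$1/orig.pem" -in "$1/site.cer" -passout pass:constructed -out "$1/site.pfx"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/other.pem" 2>/dev/null
}

demo() {
  dir="$(mktemp -d)"
  make_demo_files "$dir"
  extract_key_from_pfx "$dir/site.pfx" constructed "$dir/site.key.pem"
  for key in site.key.pem other.pem; do
    if key_matches_cert "$dir/site.cer" "$dir/$key"; then echo "$key: matches site.cer"
    else echo "$key: does NOT match site.cer, do not upload this pair"; fi
  done
  rm -rf "$dir"
}
demo
```

The password-less key is as sensitive as the .pfx and its password together, so delete the working copies once the upload has succeeded.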