Skip to main content

4 Messages

 • 

112 Points

Wed, Jun 17, 2020 10:05 PM

Answered

This site is not secure cert, can we create a self signed ca cert or use the wildcard * domain cert.

This site is not secure cert, can we create a self signed ca cert or use the wildcard * domain cert. Can the date on the default Ruckus CA cert be extended. only used for zero self activation on site

Responses

Employee

 • 

604 Messages

 • 

10K Points

5 months ago

Hi Kewal,

If you have a CA signed cert or wildcard cert then you can import it to ZD and utilise for secure access of ZD and it's related web services.

Please refer below articles which explains certificate import procedure.

https://support.ruckuswireless.com/articles/000001561

https://support.ruckuswireless.com/articles/000002991

Can the date on the default Ruckus CA cert be extended? No it cannot be extended.

Regards,
Syamantak Omer

Regards,

Syamantak Omer

4 Messages

 • 

112 Points

5 months ago

Hi Syamantak , I do not have access to these Docs with my logon.Also we only have the one .crt file - is this sufficient

Employee

 • 

604 Messages

 • 

10K Points

5 months ago

Hi Kewal,

Those are premium articles and will not be accessible without premium access to support portal.

Is it a CA signed wildcard certificate you have?

If yes, you will need private key as well.

You can easily extract cert chain if you have wildcard cert. Use a windows system, open the cert file, check the cert chain and export each certificate from the chain to base-64 encoding and save as .crt.

Post exporting the chain you will have below certs.

1- Wildcare cert
2- Intermediate cert (cert chain may have more then 1 intermediate so it you should export all the intermediate certs)
3- Root cert
4- Apart from above, you also need private key of wildcard cert. If you don't have it then contact your public CA who signed the cert and request the private key.

Once you have all the above cert/key then you can proceed to import the cert on ZD.

Below is the procedure.

1. Make sure you have certificate(s) in ".cer" format with "base-64" encoding and also make sure that you have complete chain of certificates (Wildcard >> intermediate >> root) along with private key in ".key" format.

2. Once you have all above certs/key, Import the wildcard cert into the ZD.

For 9.x firmwares: go to ZD Web GUI >> Configure >> Certificate >> Import Signed Certificate
For 10.1.x firmwares: go to ZD Web GUI >> Administer >> Certificate >> Import Signed Certificate

3. The ZD will prompt for the private key as the ZD will sense that the certs private key and the private key the  ZD has are different. 
4. Once the private key is imported the ZD will prompt for the cert again as it will sense that the cert it has and the private key it has doesn't match 
5. Once import the cert again, this time the cert's private key and the private key which the ZD has are same so ZD imports the cert, but figures out that the cert is wildcard so prompts for the hostname.
6. Choose the hostname and make sure you create an entry on your DNS for ZD's IP address with new FQDN created for ZD.
7. Now continue installing intermediate and then root certificate.
8. Once chain is completed, select restart ZD, ZD will come up this time with certificate installed on it.
 
Regards,
Syamantak Omer

Regards,

Syamantak Omer