We have recently had a ruckus wireless network installed. Everything from the AP's to the pair of ZD3050's configured as a smart-redundant pair is working well, except for the captive portal.
We have 2 SSID's set up to authenticate separate captive portals from separate auth servers. It is functional to some degree however we are having problems with certificates.
We purchased a cert (wifi.domain.ac.uk) from Janet which comes in 2 parts, intermediate CA and the device CA itself. They both load onto the ZD fine, but when we try to access the login page from a mobile device or laptop then we get a certificate error, even though when we access the URL from a machine inside the network, everything is green.
There are 2 possibilities as far as i can see. using the command below we only get the intermediate cert back, not the full chain
>> openssl s_client -check wifi.tower.ac.uk:443
Which returns this:
CONNECTED(00000003)depth=0 C = GB, ST = London, L = LONDON, O = Tower Hamlets College, CN = wifi.tower.ac.ukverify error:num=20:unable to get local issuer certificate
0 s:/C=GB/ST=London/L=LONDON/O=Tower Hamlets College/CN=wifi.tower.ac.uk
i:/C=BM/O=QuoVadis Limited/CN=QuoVadis Global SSL ICA G2
This seems to be wrong as the Webserver should respond with the entire chain not just a single cert:http://stackoverflow.com/questions/7587851/openssl-unable-to-verify-the-first-certificate-for-experi...
Another ideas is there is something OCSP related to the captive portal we need to explicitly allow - but i'm new to that part of x509....
Can any big forum brains point us towards an easy fix for this silliness?
PS. we are running the latest firmware on the ZD's: 22.214.171.124 build 336