Captive Portal w/ HTTPS Landing Page

  • 1
  • Idea
  • Updated 4 years ago
  • Under Consideration
I am trying to setup a captive portal / hot spot service with a ZD1107. I'd like the portal's landing page to load as HTTPS. However, when I configure the portal landing page to be a HTTPS URL, my browser produces a SSL connection error, and my authentication page does not load.

I tried using a few other HTTPS urls (https://www.facebook.com for example) just to see what would happen. I white listed them beforehand. Same result.

Any ideas on what could be screwing up the SSL connection here?
Photo of rotoole

rotoole

  • 10 Posts
  • 1 Reply Like

Posted 4 years ago

  • 1
Photo of Bittu

Bittu, Employee

  • 43 Posts
  • 13 Reply Likes
Hello ,

With reference to your post, Ruckus does not do HTTPS redirect's , we only support HTTP redirects and this is the reason for you seeing the SSL error.
This is already a Feature Request and we are working on incorporating the same in our future build.
Hope this helps. All the best.
Photo of rotoole

rotoole

  • 10 Posts
  • 1 Reply Like
Hi Bittu,

Thanks for responding. I may have chosen my words poorly. My issue is not that users are trying to go to a HTTPS page _initially_, then get the SSL error. I've read a lot of posts on that, and understand why HTTPS has issues being redirected.

My situation is different. I use HTTPS requests to do user authentication and I need those requests not to be redirected.

My login page loads as HTTP, displays buttons to login with Facebook, Twitter, etc.., when clicked those buttons initiate oauth requests to the given service. At this point, when the login window for Facebook should appear, I instead get the SSL error. I tried white listing all of the FB url's that appeared in Chrome's network debugger, but the issue persists. I may have missed some. Still trying to figure that out.

I tried making https://www.google.com the login redirect page, and white listed "www.google.com". And was able to get it to load. But I'm not able to replicate with Facebook.

Reflecting on this, it seems like I'm probably not white listing all the domains involved in FB auth.
Photo of Bittu

Bittu, Employee

  • 43 Posts
  • 13 Reply Likes
Hello Rotoole,

If you are referring to the SSL certificate error that pops up while redirecting, you see this because Ruckus ZD has a self signed certificate installed on it.

You will need to import a CA signed certificate that can be procured from CA authorities like GoDaddy etc. You can generate a certificate request(CSR) from the ZD , this can be done under Configure > Certificate > Enter the details under Generate a Request section. The SAN aka Subject Alternative Name is the IP address of the ZD.
Once the CSR is generated this file will contain the Private Key of the ZD embedded on the CSR. You will have to send this CSR to a CA authority and they will place their public key on this CSR and generate a CA certificate for you. Kindly note that the Private Key needs to match on the CA certificate and the ZD, hence please use the CSR feature available on the ZD.
Also the ZD uses the .pem format of a CA signed certificate so kindly have the certificate in this format while uploading onto the ZD.
Once this is done you will no longer get the SSL certificate errors when redirecting.

All the best.
Photo of rotoole

rotoole

  • 10 Posts
  • 1 Reply Like
Bittu,

Are you talking about the invalid certificate warning I see when trying to connect to the ZD's admin page?

My understanding is the certificates on the Zone Director (configuration > certificate) are only for creating the trusted connection to the Zone Director's admin page. The help manual says this about it:

Do I Need An SSL Certificate?
If you use HTTPS to connect to the ZoneDirector Web interface, a security warning appears every time you connect to the Web interface. This is because the default SSL certificate (or security certificate) that ZoneDirector is using for HTTPS communication is signed by Ruckus Wireless and is not recognized by most Web browsers.

If you want to prevent these security warnings from appearing, you will need to import an SSL certificate that was issued by a recognized certificate authority (for example, VeriSign, Thawte, etc). If you do not have an SSL certificate yet, you will need to create a certificate signing request and purchase a certificate from a
certificate authority.

....

Anyways, this is not my issue. My users get a "SSL connection error", when attempting to authenticate with Facebook from my custom captive portal login page.

Ryan
Photo of rotoole

rotoole

  • 10 Posts
  • 1 Reply Like
Answer: Facebook just has a ton of ip addresses that require white listing. You can get them running the command:

whois -h whois.radb.net -- '-i origin AS32934' | grep ^route