Secure Hotspot with V9.6

  • 1
  • Question
  • Updated 3 years ago
Trying to get a demo of Secure Hotspot up and running. We're using ZD 1100 V9.6 Hotspot setup with RADIUS. RADIUS & ZD 'Test' Connection Okay.

But getting this error message (on the client device) when connecting to open-dpsk (our open WLAN): (for this test we're using the unrestricted login script)

Traceback (most recent call last):
  File "/usr/lib/cgi-bin/xmlcommon.py", line 313, in sendXmlString

c.perform()
error: (51, "SSL: certificate subject name (Ruckus Wireless ZoneDirector SN-401123000658) does not match target
host name '192.168.2.4'")

Content-type: text/html

Unrestricted user generation failed: No response from ZoneDirector

If we change to HTTP at port 80 by changing out HTTPS at 433 in /usr/lib/cgi-bin/hotspot_unrestricted.py we don't get the SSL error, but we get redirected back to unrestricted login page when we click 'I Agree'

We've verified Northbound Passwords, sever_loc, and Secure SSID on both sides...

Struggling here...appreciate any advice, Thanks
Photo of BC

BC

  • 8 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Alberto de la Cruz

Alberto de la Cruz

  • 42 Posts
  • 1 Reply Like
Ummm, I think I had the same problem and I added one line in xmlcommon.py

search for this line in the file:

c.setopt(pycurl.SSL_VERIFYPEER, False)

and add this one:

c.setopt(pycurl.SSL_VERIFYHOST, False)

Let me know if helps.
Photo of BC

BC

  • 8 Posts
  • 0 Reply Likes
Thanks Alberto, tried your suggestion, but completely different response,
server internal error 500.
regards
Photo of Keith - Pack Leader

Keith - Pack Leader

  • 860 Posts
  • 51 Reply Likes
500 error means the code won't run anymore due to a syntax error. Did you replace the line or add it?
Photo of BC

BC

  • 8 Posts
  • 0 Reply Likes
Yes, removed suggested code change, now back to original error condition:

File "/usr/lib/cgi-bin/xmlcommon.py", line 313, in sendXmlString
c.perform()
error: (51, "SSL: certificate subject name (Ruckus Wireless ZoneDirector SN-401123000658) does not match target
host name '192.168.2.4'")
Photo of Alberto de la Cruz

Alberto de la Cruz

  • 42 Posts
  • 1 Reply Like
But, as Keith said, did you replace the line or add it?

You should have both in your code:

c.setopt(pycurl.SSL_VERIFYPEER, False)
c.setopt(pycurl.SSL_VERIFYHOST, False)

have you tried this?
Photo of BC

BC

  • 8 Posts
  • 0 Reply Likes
Yes, I added the new line just as you have shown above.

c.setopt(pycurl.SSL_VERIFYPEER, False)
c.setopt(pycurl.SSL_VERIFYHOST, False)

I will go back and try again. Thanks.
Photo of Paul Cross

Paul Cross

  • 7 Posts
  • 0 Reply Likes
Hi,

I'm having the exact same problem, I've added the SSL_VERIFY HOST entry but am now getting the error 500. 

If I run the .py file from terminal (I've hard coded the form values) I get this:

* About to connect() to 10.97.0.12 port 443 (#0)

*   Trying 10.97.0.12... * connected

* Connected to 10.97.0.12 (10.97.0.12) port 443 (#0)

* found 141 certificates in /etc/ssl/certs/ca-certificates.crt

*  server certificate verification SKIPPED

*  common name: Ruckus Wireless ZoneDirector SN-171308000099 (does not match '10.97.0.12')

*  server certificate expiration date OK

*  server certificate activation date OK

*  certificate public key: RSA

*  certificate version: #3

*  subject: C=US,ST=CA,O=Ruckus Wireless\, Inc.,CN=Ruckus Wireless ZoneDirector SN-171308000099

*  start date: Thu, 18 Jul 2013 02:02:12 GMT

*  expire date: Fri, 14 Jul 2028 02:02:12 GMT

*  issuer: CN=Ruckus Wireless ZoneDirector Internal CA SN-171308000099,O=Ruckus Wireless\, Inc.,ST=CA,C=US

*  compression: NULL

*  cipher: ARCFOUR-128

*  MAC: SHA1

> POST /admin/_portalintf.jsp HTTP/1.1

User-Agent: PycURL/7.19.7

Host: 10.97.0.12

Accept: text/xml

Accept-Charset: UTF-8

Content-Length: 175

Content-Type: application/x-www-form-urlencoded


< HTTP/1.1 200 OK

< Date: Fri, 20 Feb 2015 22:55:24 GMT

< Server: Embedthis-Appweb/3.4.2

< Cache-Control: no-cache

< Content-Length: 101

< Connection: keep-alive

< Keep-Alive: timeout=5, max=99

< Last-Modified: Fri, 20 Feb 2015 22:55:24 GMT

< Content-type:  text/xml

< Cache-control: no-cache="set-cookie"

< Set-Cookie: -ejs-session-=x6e5951bc9766a677250946238c588b93; path=/;

< X-Appweb-Seq: 1846864

* Connection #0 to host 10.97.0.12 left intact

* Closing connection #0

<html><head><meta HTTP-EQUIV="REFRESH" content="0; url=http://login-unrestricted.html?login_result=failed"&gt;&lt;/head...;


Any ideas?

(Edited)
Photo of Paul Cross

Paul Cross

  • 7 Posts
  • 0 Reply Likes
OK, fixed that problem - had to change the urls to http instead of https - 

from nbi_url = "https://" + zd_ip + "/admin/_portalintf.jsp"
to 
nbi_url = "
http://" + zd_ip + "/admin/_portalintf.jsp"

Different error now, but script has got further and is telling me there's a problem in xmlcommon now.