SSL Certificates for R600 Unleashed...where to buy?

  • 1
  • Question
  • Updated 7 months ago
Ruckus's unleashed documentation says:
Unleashed captive portal services and the web UI use an SSL certificate when establishing HTTPS connections.
The default SSL certificate that is installed on the Unleashed AP is self-signed and therefore not trusted by any web browser. This is the reason why the SSL security warnings appear when establishing an HTTPS connection to the Unleashed web interface.
To eliminate the security warnings, administrators may purchase a trusted SSL certificate from a public Certificate Authority (CA) and install it on the Unleashed Master AP.
The basic certificate installation process is as follows:
  1. Generate a Certificate Signing Request (CSR) with the required requester information.
  2. Submit the CSR to a public CA for signing.
  3. Receive a signed certificate from the CA.
  4. Import the signed certificate into Unleashed.
All well and good, but I have spent the better part of two days trying to get past #2.

I have contacted Lets Encrypt, Comodo, and others, only to be told that no public CA will issue a certificate for an IP address. 

I am running six R600 AP's in a small lodging facility and the built in certificates have long since expired. Thus clients who are not tech savvy for the most part. recoil when they see the "Not Secure" and/or the invalid certificate warnings when connecting to the APs.

So while being beyond frustrated with this, I'm hoping that some kind soul will shed some light and give me some pointers on how to proceed. It seems slightly ridiculous that Ruckus does not offer more than the generic instructions above on how to so this.

A list of vendors and/or links to the pages where we could purchase the certificates or upload the CSR would be more helpful.
 
Thank you. 
Photo of hitesh patel

hitesh patel

  • 10 Posts
  • 0 Reply Likes

Posted 7 months ago

  • 1
Photo of Gideon Kay

Gideon Kay

  • 7 Posts
  • 2 Reply Likes
If the management system has a public ip why not register a public dns to the ip? Then you can create the csr for that address
Photo of Darrel Rhodes

Darrel Rhodes, Employee

  • 126 Posts
  • 66 Reply Likes
Hi Hitesh,

As mentioned by Gideon, in my experience, SSL certificates are usually registered against a public Domain Name (as, of course, IP addresses can change). 

I'm sure if you register a domain name for your captive portal service then you will be able to purchase a CA for this.

Regards,
Darrel.
Photo of hitesh patel

hitesh patel

  • 10 Posts
  • 0 Reply Likes
Darrel and Gideon, thank you for your reply.  

So I'm not using an external captive portal service. I have a very basic setup, using Unleashed's Guest Mode where the clients connect to the AP and then are (supposed to be) directed to the built in terms and conditions page, acceptance of which then redirects them again to their chosen web destination.

The APs are sitting behind a router and so are not public facing. 

If I'm understanding Gideon correctly, I could subscribe to a DNS service that provides a unique host name linked to my router's public IP, and use that to obtain the certificate. Would importing that certificate into the master AP resolve my issue?

Thanks.  
Photo of Darrel Rhodes

Darrel Rhodes, Employee

  • 126 Posts
  • 66 Reply Likes
Hi Hitesh,

So it sounds like the problem you've been having with trying to purchase a CA is because you were asking for a public CA for an internal-only IP address e.g. starting with 192/172/10.

Have you worked through the guideance here?
https://docs.ruckuswireless.com/unleashed/200.1.9.12/t-WorkingSSLCerts.html

I believe the wildcard Certificate Installation is what you require.  However you will need a FQDN (Fully Qualified Domain Name) to proceed.

Thanks,
Darrel.