Wildcard installation ZD3000

  • Updated 4 years ago
Hello all,

Per instructions in the 9.6 ZD manual, I have tried (and failed) multiple times to import our domain wildcard cert. Per the instructions:
A wildcard certificate is a generic certificate that can be used for devices in a specific domain. This is useful for Smart Redundancy installations where you have two ZoneDirectors. You can purchase and install two certificates, or use a wildcard certificate.
When you try to import a wildcard certificate, the ZoneDirector will notify you that it does not have the matching private key. At this point, click on the “click here” link to import the private key. Once the private key is imported, try to import the certificate again. The ZoneDirector will prompt you for the host name. Enter the hostname and ensure that your DNS server is configured to resolve that name to the IP address of ZoneDirector.


Having done that, I get stuck in an endless loop of not being able to apply the cert. Any help?

Linda Rudawitz

Posted 4 years ago


Bittu, Employee

Hello Linda,

If you are trying to import a wildcard certificate onto the ZD, the ZD will require a private key that matches the key on the certificate.
The usual process of importing a cert is to generate a certificate request (CSR) using the ZD. This process gets the ZD's private key into the CSR, which is then sent to a CA signed authority to get the certificate generated. In this way, the ZD's private key matches the key on the final certificate that is received.

In the wildcard certificate that you are trying to install, kindly open this file and check if you see a Start Private Key and End Private Key section. If you do, then copy this info and save it. Now try the import on the ZD again and use this key doc when the key mismatch occurs. Also, please check if you need any intermediate certificates for this to work.
If you still face issues with the import of the wildcard certificate, I request you to write to Ruckus support and we will be able to assist you further.

All the best.

Lex

Follow these steps to export a certificate with the private key (assumes Windows Server):

http://technet.microsoft.com/en-us/li...

Once you have the PFX file it needs to be decrypted to be accepted by ZD. Download and install OpenSSL from http://www.slproweb.com/products/Win3...

In a command prompt, browse to the folder you have installed OpenSSL in and run the command:

openssl pkcs12 -in [path]certificate.pfx -out [path]certificate.pem -nodes

You should be asked for the password specified when exporting the certificate with the private key in the first step.

Now continue on to the Zone Director, import the certificate, choose the option to accept certificate and install a matching private key, then click browse again and select the newly created .PEM file. The ZD will now ask you for the host name and offer to install the certificate and reboot or continue with installing intermediate certificates.

Done! This needs to be added to the KB.
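
Both replies above depend on the same precondition: the PEM file given to the ZD must hold an unencrypted private key that matches the certificate. The script below is an added example, not part of either post and not Ruckus tooling, that checks this with OpenSSL before the import; the function names, verdict strings and return codes are assumptions of the example.

```shell
#!/bin/sh
# Pre-import check for a PEM bundle such as the output of
#   openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes
# Returns 0 only when the file holds an unencrypted private key that matches
# one of its certificates. Verdict strings and return codes are this example's own.

# Print the Nth ($3) PEM block in file $1 whose BEGIN line matches regex $2.
pem_block() {
    awk -v pat="$2" -v want="$3" '
        /^-----BEGIN / && $0 ~ pat { n++; on = (n == want) }
        on { print }
        /^-----END / { on = 0 }' "$1"
}

check_bundle() {
    pem=$1
    # A key exported without -nodes is still passphrase-protected.
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$pem"; then
        echo "encrypted-key"; return 2
    fi
    # Derive the public key from the private key block, if there is one.
    key_pub=$(pem_block "$pem" 'BEGIN [A-Z ]*PRIVATE KEY' 1 |
        openssl pkey -pubout 2>/dev/null) || true
    if [ -z "$key_pub" ]; then
        echo "no-private-key"; return 3
    fi
    # Compare against every certificate: a bundle may also carry intermediates,
    # and the server certificate is not always the first one in the file.
    total=$(grep -c '^-----BEGIN CERTIFICATE-----' "$pem" || true)
    i=1
    while [ "$i" -le "$total" ]; do
        crt=$(pem_block "$pem" 'BEGIN CERTIFICATE-----' "$i")
        crt_pub=$(printf '%s\n' "$crt" | openssl x509 -noout -pubkey 2>/dev/null) || true
        if [ "$crt_pub" = "$key_pub" ]; then
            subject=$(printf '%s\n' "$crt" | openssl x509 -noout -subject)
            echo "match: certificate $i of $total ($subject)"
            return 0
        fi
        i=$((i + 1))
    done
    echo "mismatch"; return 1
}
```

A file written with -nodes contains the private key in clear text, so restrict access to it and delete it once the import has succeeded.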