topic Re: Secure Hotspot with V9.6 in ZoneDirector

Secure Hotspot with V9.6

bc_chamberlin — Mon, 12 May 2014 02:23:16 GMT

Trying to get a demo of Secure Hotspot up and running. We're using ZD 1100 V9.6 Hotspot setup with RADIUS. RADIUS & ZD 'Test' Connection Okay.

But getting this error message (on the client device) when connecting to open-dpsk (our open WLAN): (for this test we're using the unrestricted login script)

Traceback (most recent call last):

  File "/usr/lib/cgi-bin/xmlcommon.py", line 313, in sendXmlString


    c.perform()


error: (51, "SSL: certificate subject name (Ruckus Wireless ZoneDirector SN-401123000658) does not match target


 host name '192.168.2.4'")

Content-type: text/html

Unrestricted user generation failed: No response from ZoneDirector

If we change to HTTP at port 80 by changing out HTTPS at 433 in /usr/lib/cgi-bin/hotspot_unrestricted.py we don't get the SSL error, but we get redirected back to unrestricted login page when we click 'I Agree'

We've verified Northbound Passwords, sever_loc, and Secure SSID on both sides...

Struggling here...appreciate any advice, Thanks

Re: Secure Hotspot with V9.6

alberto_de_la_c — Mon, 12 May 2014 09:01:54 GMT

Ummm, I think I had the same problem and I added one line in xmlcommon.py

search for this line in the file:

c.setopt(pycurl.SSL_VERIFYPEER, False)

and add this one:

c.setopt(pycurl.SSL_VERIFYHOST, False)

Let me know if helps.

Re: Secure Hotspot with V9.6

bc_chamberlin — Tue, 13 May 2014 11:52:48 GMT

Thanks Alberto, tried your suggestion, but completely different response,
server internal error 500.
regards

Re: Secure Hotspot with V9.6

keith_redfield — Tue, 13 May 2014 12:34:30 GMT

500 error means the code won't run anymore due to a syntax error. Did you replace the line or add it?

Re: Secure Hotspot with V9.6

bc_chamberlin — Wed, 14 May 2014 01:10:26 GMT

Yes, removed suggested code change, now back to original error condition:

File "/usr/lib/cgi-bin/xmlcommon.py", line 313, in sendXmlString
c.perform()
error: (51, "SSL: certificate subject name (Ruckus Wireless ZoneDirector SN-401123000658) does not match target
host name '192.168.2.4'")

Re: Secure Hotspot with V9.6

alberto_de_la_c — Wed, 14 May 2014 08:18:53 GMT

But, as Keith said, did you replace the line or add it?

You should have both in your code:

c.setopt(pycurl.SSL_VERIFYPEER, False)
c.setopt(pycurl.SSL_VERIFYHOST, False)

have you tried this?

Re: Secure Hotspot with V9.6

bc_chamberlin — Wed, 14 May 2014 11:17:40 GMT

Yes, I added the new line just as you have shown above.

c.setopt(pycurl.SSL_VERIFYPEER, False)
c.setopt(pycurl.SSL_VERIFYHOST, False)

I will go back and try again. Thanks.

Re: Secure Hotspot with V9.6

paul_cross_6661 — Fri, 20 Feb 2015 23:09:20 GMT

Hi,

I'm having the exact same problem, I've added the SSL_VERIFY HOST entry but am now getting the error 500.

If I run the .py file from terminal (I've hard coded the form values) I get this:

* About to connect() to 10.97.0.12 port 443 (#0)

* Trying 10.97.0.12... * connected

* Connected to 10.97.0.12 (10.97.0.12) port 443 (#0)

* found 141 certificates in /etc/ssl/certs/ca-certificates.crt

* server certificate verification SKIPPED

* common name: Ruckus Wireless ZoneDirector SN-171308000099 (does not match '10.97.0.12')

* server certificate expiration date OK

* server certificate activation date OK

* certificate public key: RSA

* certificate version: #3

* subject: C=US,ST=CA,O=Ruckus Wireless\, Inc.,CN=Ruckus Wireless ZoneDirector SN-171308000099

* start date: Thu, 18 Jul 2013 02:02:12 GMT

* expire date: Fri, 14 Jul 2028 02:02:12 GMT

* issuer: CN=Ruckus Wireless ZoneDirector Internal CA SN-171308000099,O=Ruckus Wireless\, Inc.,ST=CA,C=US

* compression: NULL

* cipher: ARCFOUR-128

* MAC: SHA1

> POST /admin/_portalintf.jsp HTTP/1.1

User-Agent: PycURL/7.19.7

Host: 10.97.0.12

Accept: text/xml

Accept-Charset: UTF-8

Content-Length: 175

Content-Type: application/x-www-form-urlencoded

< HTTP/1.1 200 OK

< Date: Fri, 20 Feb 2015 22:55:24 GMT

< Server: Embedthis-Appweb/3.4.2

< Cache-Control: no-cache

< Content-Length: 101

< Connection: keep-alive

< Keep-Alive: timeout=5, max=99

< Last-Modified: Fri, 20 Feb 2015 22:55:24 GMT

< Content-type: text/xml

< Cache-control: no-cache="set-cookie"

< Set-Cookie: -ejs-session-=x6e5951bc9766a677250946238c588b93; path=/;

< X-Appweb-Seq: 1846864

* Connection #0 to host 10.97.0.12 left intact

* Closing connection #0

;

Any ideas?

Re: Secure Hotspot with V9.6

paul_cross_6661 — Thu, 26 Feb 2015 09:45:47 GMT

OK, fixed that problem - had to change the urls to http instead of https -

from nbi_url = "https://" + zd_ip + "/admin/_portalintf.jsp"
to
nbi_url = "http://" + zd_ip + "/admin/_portalintf.jsp"

Different error now, but script has got further and is telling me there's a problem in xmlcommon now.