This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Installing wildcard cert on ZD3000

david_nanton
New Contributor

‎03-04-2016 04:31 AM

Hi all,

I'm trying to install a new wildcard certificate on a ZD3000 running 9.5.0.0 build 156.

I import the certificate (CRT) and then I'm told I need to import a private key to match. I have a PFX file which I converted to PEM format as the ZD won't accept PFX files but still no luck. I've verified that the cert and private key do match using https://www.sslshopper.com/certificate-key-matcher.html so why doesn't the ZD accept the key? Any ideas?

David


3 REPLIES 3

santosh_bittu
New Contributor III

‎03-04-2016 04:39 AM

Hello David,

Where was the CSR used to get this cert generated? Was the CSR created on the ZD itself or was it generated on a server on your network? If you generated the CSR on the ZD you have the option to download the key from the ZD itself.
If this was a server on your network you need to get the private key from this server. You can use Open SSL to extract the certificate and the private key in the .pem format . Kindly refer to the below links that explains how to get this done and also provides commands that you will find useful:

https://rietta.com/blog/2012/01/27/openssl-generating-rsa-key-from-command/

https://www.sslshopper.com/article-most-common-openssl-commands.html

Hope this helps.

Regards,
Santosh
0 Kudos

david_nanton
New Contributor

‎03-04-2016 10:02 AM

Hi Santosh,

Thanks. I managed to sort it.

After exporting the certificate with private keys from the server I then had to convert it to PEM format (PFXFilename.pem) using OpenSSL.

Then I had to extract the certificate only using the command - openssl pkcs12 -in PFXFilename.pfx -clcerts -nokeys -out PFXFilename_cert.pem

I then exported private key only: openssl rsa -in PFXFilename.pem -out PFXFilename.pem_key.pem

That still didn't work, until I edited both files to remove any text before the -----BEGIN CERTIFICATE----- and -----BEGIN RSA PRIVATE KEY----- lines and anythign aftert the -----END CERTIFICATE----- and -----END RSA PRIVATE KEY----- lines

That last bit seemed to be the missing link as only then was I able to import the certificate and key successfully to the controller.


Best wishes,

David


Piet
Contributor
In response to david_nanton

‎09-15-2022 12:47 PM

I'd appreciate seeing the commands used in this process.

I installed the Ruckus_Wireless_ZoneDirector_SN-321408000091_certificate.crt in my Linux

/usr/share/ca-certificates/ruckus directory and updated my ssh certificates. I haven't

seen any improvement yet. David_Nanon's procedure of uploading the .crt and key to browsers

looks very interesting but the exact steps aren't clear yet. Mind elaborating on the details?

Piet Delaney
0 Kudos
Copyright © 2024 Khoros, LLC