- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2021 01:17 AM
Hi.
I've messed up my web access to the unleashed interface page by installing the wrong certificate (Cloudflare) in the administration area, now I'm not able to access my R600 AP by browser anymore (Unleashed ver. 200.7.10.202 build 127).
When I try to access http://unleashed.ruckuswireless.com/ or http://10.110.0.1/admin/login.jsp I get redirected to the "Not secure" site http://cloudflare/tohttps.jsp and then https://cloudflare/
- I've tried to set up my "hosts" file on windows to "10.110.0.1 cloudflare" so I could maybe access the interface again,
- I've turned off the "Warn about certificate address mismatch*" in the Advanced - Internet Option
- I've installed the same certificate to the "Trusted root cert auth."
- ... to no avail
I even went through all the Unleashed CLI documentation and found nothing on
- resetting the default certificate or
- manually setting "https:/unleashed/" for the path of the web interface instead of "http://unleashed.ruckuswireless.com/"
Can anything still save me from resetting the whole AP to factory defaults?
Any help would be strongly appreciated.
Best regards to all!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2021 06:09 AM
Hey guys thanx for the effort. I just came across this weird browser "Pale Moon" which let me bypass this certificate issue that the modern browser today just won't let go. So I've managed to log in and reset the old Ruckus certificate. Everything works again.
Well if I'm curious how things work I give it a try and often break things along the way. I just love a challenge like that from time to time 😄 Sorry for the nuisance.
Best regards again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2021 04:16 AM
It's difficult to imagine why you wanted to replace the certificate. AP management interface should be never available from internet, and public certificate doesn't make sense on private addresses, as it doesn't mean anything than. Also it seems that you messed more than just certificate in the configuration.
I suspect that it will be much faster and safer to reset configuration and reconfigure it from scratch.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-12-2021 05:19 AM
I've accidentally done this before.
Trying to use http will always redirect you, but hitting https instead (e.g. https://10.110.0.1) should just give you the warning and let you proceed.
It is a shame there seems to be no cli for certificate management. I wrote a script to apply certs using curl (at https://ms264556.github.io/Hackery/pages/PfSenseLetsEncryptToRuckus.html) which you could use to choose a better domain for the redirect.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-06-2022 08:17 AM
I came here looking for an automated way to update the AP's cert; your script looks like it would do the trick--thanks for the work on that. It leaves me with a couple of questions, though:
- The workflow expected by the Unleashed firmware, at least, seems to be that you generate a CSR on-device, get that signed, and upload the resulting certificate. And it looks like that's what your script expects too, as it doesn't appear to upload a private key. Is that correct?
- When you upload the cert, do you upload just the leaf cert, or also the intermediate certs? IOW, in certbot terminology, do you use cert.pem or fullchain.pem?
- Why on earth would the entire access point need to reboot just to implement a new cert? That seems like strikingly poor design.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2022 08:11 AM
- No you don't need the to run through any process on your Unleashed or ZoneDirector. If you have a close look at the script you can see I do two uploads - first the public certificate, then the private key.
- The .crt and .key have always been sufficient for me. When you're uploading certificates there is the option to also upload intermediates. If you find this is necessary for your particular case then I can update the script.
- I don't know why the reboot. Honestly though, it happens only a few times each year, and the pfSense ACME package schedules the refresh at 3am, so I don't mind at all.