Unleashed captive portal services and the web UI use an SSL certificate when establishing HTTPS connections. The default SSL certificate that is installed on the Unleashed AP is self-signed and therefore not trusted by any web browser. This is the reason why the SSL security warnings appear when establishing an HTTPS connection to the Unleashed web interface. To eliminate the security warnings, administrators may purchase a trusted SSL certificate from a public Certificate Authority (CA) and install it on the Unleashed Master AP. The basic certificate installation process is as follows:
Generate a Certificate Signing Request (CSR) with the required requester information.
Submit the CSR to a public CA for signing.
Receive a signed certificate from the CA.
Import the signed certificate into Unleashed.
All well and good, but I have spent the better part of two days trying to get past #2.
I have contacted Lets Encrypt, Comodo, and others, only to be told that no public CA will issue a certificate for an IP address.
I am running six R600 AP's in a small lodging facility and the built in certificates have long since expired. Thus clients who are not tech savvy for the most part. recoil when they see the "Not Secure" and/or the invalid certificate warnings when connecting to the APs.
So while being beyond frustrated with this, I'm hoping that some kind soul will shed some light and give me some pointers on how to proceed. It seems slightly ridiculous that Ruckus does not offer more than the generic instructions above on how to so this.
A list of vendors and/or links to the pages where we could purchase the certificates or upload the CSR would be more helpful.
So I'm not using an external captive portal service. I have a very basic setup, using Unleashed's Guest Mode where the clients connect to the AP and then are (supposed to be) directed to the built in terms and conditions page, acceptance of which then redirects them again to their chosen web destination.
The APs are sitting behind a router and so are not public facing.
If I'm understanding Gideon correctly, I could subscribe to a DNS service that provides a unique host name linked to my router's public IP, and use that to obtain the certificate. Would importing that certificate into the master AP resolve my issue?