CommScope RUCKUS Community Forums

axel_robbe · ‎09-20-2016

Hi,

We've been working on some Ruckus Unleashed APs recently and we've run into several issues along the way. Most of which we were able to tackle. However, after installing the APs in several buildings of a client, we discovered Android phones do not work over guest access wifi. This has to do with the certificate being used from the Ruckus APs.
Chrome bugs over a SHA-1 cert, which is considered weak, thus the phone does not have an internet connection.

I've tried to set the certificate setting to 2048 bits, but this didn't solve anything as visible on the last picture.

Anyone any idea if this is fixable? Our APs use the latest software version. 100.1.9.12.62

Image_ images_messages_5f91c3ec135b77e2478e634f_3ac0a0a91d45ded32c7ba4e4fe6f8be5_RackMultipart20160920246782eex-246cfb2f-2b63-46b4-a0d1-07f22daea9c5-1857191207.jpg1474403116

Image_ images_messages_5f91c3ec135b77e2478e634f_ee4f16598faca56a58a8328d5c1a7da7_RackMultipart20160920129030zof-7cde21e9-ba18-4dfc-99de-b3bbeaa657d6-736499351.jpg1474403167

Image_ images_messages_5f91c3ec135b77e2478e634f_b3679f96e0ab67d19ee7c36a2f217c88_RackMultipart2016092077929wgws-7a60f639-3700-46cc-872f-166eef48ec0e-1265490876.jpg1474403179

nat_nat · ‎09-21-2016

Are you using self-signed certificate or your own signed certificate? If you are using self-signed certificate then likely by upgrading to upcoming version 200.2 should fix it as the new self-signed certificates are using SHA-256.

If you are using your own signed certificate please ensure that certificate is SHA-256.

axel_robbe · ‎09-26-2016

It appears it's a selfsigned cert. I thought otherwise looking at the CA.
Nevertheless, is it fixable right now without setting up my own CA?
Can I force the guestpage to use HTTP? (I now it's not safe, but I need a workaround now)

CommScope RUCKUS Community Forums

Unleashed AP provide SHA-1 cert, Android phones reject it, thus no internet