Hello, as per your recommendation, I have installed a 'Well Known Certificate Agency (CA)' signed certificate to resolve this issue.
As per expected behaviour, Hotspot users are redirected to the ZoneDirector; however, the redirect still results in an SSL error stating that the URL does not match the CN of the ZD's certificate. This is because the redirect is using the ZoneDirector's IP address and not the fully qualified domain name.
This seems contrary to information in the article:
https://support.ruckuswireless.com/articles/000001638:
'...After installing the CA signed SSL certificate on the Zonedirector, a common name(CN) (or) Fully qualified domain name(FQDN) will be associated with the Zonedirector. This requires accessing the web user-interface of the Zonedirector using this FQDN. Alternatively, we can also use the Subjective Alternative Name(SAN:IP/DNS) to access the Zonedirector. However, this depends on the information filled while generating the Certificate request from the Zonedirector
...As explained above, the corresponding FQDN will be used as default redirection page for Guest, captive portal (or) Zero-IT activation - authentication process.'
Potentially, I could add the IP address of the ZoneDirector to the public issued wildcard certificate as a SAN field to overcome this issue, but that is not possible because private IP addresses cannot be added as SAN fields to public CA issued certificates.
What do you recommend, i.e. how do other companies handle this situation?
Thank you.
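
The mismatch described in the post above, as an added example that is not part of the original post and is not Ruckus code: a browser-style check of the redirect URL's host against a certificate's SAN entries. The host names and the 192.168.0.2 address are constructed placeholders, and the wildcard rule assumed is the common "whole left-most label only" form.

```python
import ipaddress
from urllib.parse import urlsplit

def as_ip(host):
    """Return an ip_address object if host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def dns_match(pattern, host):
    """dNSName match; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def check_redirect(url, san_dns=(), san_ip=()):
    """Return (ok, reason) for the host in url against the cert's SAN lists."""
    host = urlsplit(url).hostname or ""
    ip = as_ip(host)
    if ip is not None:
        # IP literals are compared only with iPAddress SANs, never with
        # dNSName entries or wildcards.
        if any(ip == as_ip(s) for s in san_ip):
            return True, "IP SAN match"
        return False, f"{host} is an IP literal and no iPAddress SAN lists it"
    if any(dns_match(p, host) for p in san_dns):
        return True, "DNS SAN match"
    return False, f"{host} matches no dNSName SAN"

def is_private_ip(host):
    """True for private-range addresses, which the post notes a public CA will not certify."""
    ip = as_ip(host)
    return ip is not None and ip.is_private

if __name__ == "__main__":
    wildcard = ["*.example.com"]  # constructed wildcard certificate
    for url in ("https://192.168.0.2/login",      # constructed redirect by IP
                "https://zd.example.com/login"):  # constructed redirect by FQDN
        print(url, check_redirect(url, san_dns=wildcard))
    print("192.168.0.2 private:", is_private_ip("192.168.0.2"))
```

The same wildcard certificate passes as soon as the redirect uses a name under the certified domain, which is why the redirect target, not the certificate, is the variable to change.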