Ruckus/SonicWall DPI SSL
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2018 05:31 PM
Good afternoon,
Recently one of our clients has installed a SonicWall unit and wants to enable DPI. All the domain users machines are managed so we can push out the DPI-SSL certificate easily to them. I need to figure out how to deploy the certificate across the guest network when visitors arrive on site. It can't be expected to manually install certificates on every guest users device.
My initial idea was just to purchase an SSL cert, import that into the SonicWall unit and the Ruckus ZD. However from reading a knowledge base I found the following:
"You cannot request a DPI-SSL CA certificate from a commercial certificate authority
Any help on the matter would be greatly appreciated.
Kind Regards,
Tom
Recently one of our clients has installed a SonicWall unit and wants to enable DPI. All the domain users machines are managed so we can push out the DPI-SSL certificate easily to them. I need to figure out how to deploy the certificate across the guest network when visitors arrive on site. It can't be expected to manually install certificates on every guest users device.
My initial idea was just to purchase an SSL cert, import that into the SonicWall unit and the Ruckus ZD. However from reading a knowledge base I found the following:
"You cannot request a DPI-SSL CA certificate from a commercial certificate authority
- Commercial certificate authorities will not issue certificates with Certificate Signing or Certificate Re-signing authority."
Any help on the matter would be greatly appreciated.
Kind Regards,
Tom
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-19-2018 05:39 AM
You could probably do this using the zero-it on-boarding but it means users need to download and run an APP which is far from ideal for a guest network. Maybe as a policy for employee devices it might fly. For guests its just too cumbersome.
You can import your own self signed CA in ZD. You need to add the root CA (public key) to the import but it's quite straightforward.
You can import your own self signed CA in ZD. You need to add the root CA (public key) to the import but it's quite straightforward.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-22-2018 12:50 PM
Thank you for the reply.
From reading up about Ruckus Cloudpath it gives you the option to deploy your own self signed certificate so that will work with SonicWall. For the time being I've created an exclusion for the guest WLAN so they won't be hit by DPI.
CheersOptions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-22-2018 02:03 PM
Indeed, cloudpath will let you deploy this cert, but via the installation of an App on the customer's device. Depending on your type of visitors, it might still be quite cumbersome.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-22-2018 02:45 PM
Oh that's good to know! Appreciate you getting back to me.

