Connect APs to SmartZone over the public Internet
You can use SmartZone to manage APs at remote internet-connected locations, and tunnel selected traffic back to your network.
Your SmartZone / Data Plane(s) can be behind a NAT router, but this router requires a static WAN IP address.
Your APs can be behind NAT or double-NAT (e.g. if your ISP uses CGNAT).
You need to NAT incoming SSH and HTTPS traffic to your SmartZone.
You need to NAT one incoming TCP & UDP WAN port to each Data Plane, if you have any.
And you need to configure your APs with the public IP address of your SmartZone.
A complication is that you might already be serving an unrelated website on port 443.
This problem can be addressed by installing a reverse proxy (if you haven't already), and only passing HTTPS traffic if it matches the specific URL which SmartZone AP provisioning requires.
Other Firewalls
This guide configures NAT and HAProxy on pfSense. You will need to adapt the steps to suit other firewalls.
Coexistence with ZoneDirector / Unleashed Dedicated Master
If you also follow the ZoneDirector Guide or Unleashed Dedicated Master Guide then SmartZone can share a single WAN IP with either Unleashed Dedicated Master or ZoneDirector (but not both).
SmartZone configuration steps
Virtual SmartZone High Scale (vSZ-H) with 3 interfaces
I recommend using vSZ-H, with 3 interfaces, for an internet facing SmartZone.
This will only expose control interface SSH accounts to the internet.
This also lets you set up Partner-Managed Domains and gives you a Staging Zone, both of which let your remote location(s) manage their own APs.
vSZ-H network interface order
When you're assigning virtual switches or VLANs to your vSZ-H guest, remember the interface assignments are fixed:-
NIC 1: Control Interface
NIC 2: Cluster Interface
NIC 3: Management Interface
Disable SmartZone's AP certificate checks
We need to turn off SmartZone's AP device certificate checks, since we'll be proxying the AP traffic.
We will configure HAProxy to enforce AP device certificate checks.
ruckus> enable
Password: **********
ruckus# config
ruckus(config)# no ap-cert-check
Do you want to continue to disable (or input 'no' to cancel)? [yes/no] yes
Successful operation
% This configuration will take effective in a few minutes.
Firewall (pfSense) configuration steps
Add NAT SSH Port Forward
Firewall > NAT > Port Forward > Add (the down arrow)
- Edit Redirect Entry > Protocol: TCP
- Edit Redirect Entry > Destination port range > From port: SSH
TIP: If you can apply a Source rule (e.g. an ISP's IP range) then do so
- Edit Redirect Entry > Redirect target IP > Address: <SmartZone Control IP>
- Edit Redirect Entry > Redirect target port > Port: SSH
Save
Apply Changes
Add Data Plane NAT Port Forward(s), if you have any Data Planes
Multiple Data Planes
If you want to tunnel AP traffic back to your network then you need a vSZ-D/SZ-D for each AP firmware version you're using.
Each vSZ-D/SZ-D will need a unique Data External(NAT) Port.
Visit Network > Cluster and configure each Data Plane with a unique Data External(NAT) Port.
For each Data Plane:-
Firewall > NAT > Port Forward > Add (the down arrow)
- Edit Redirect Entry > Protocol: TCP/UDP
- Edit Redirect Entry > Destination port range > Custom: <Data External(NAT) Port>
TIP: If you can apply a Source rule (e.g. an ISP's IP range) then do so
- Edit Redirect Entry > Redirect target IP > Address: <Data Plane Data IP>
TIP: This is the Primary(Access) IP if you split the Access and Core interfaces
- Edit Redirect Entry > Redirect target port > Custom: 23233
Save
Apply Changes
Add CA and Certificate for HAProxy Frontend
Create SSL Offloading CA and Certificate
System > Certificates > Authorities > Add
- Create / Edit CA > Descriptive name: internal-ca
Save
System > Certificates > Certificates > Add/Sign
- Add Sign a New Certificate > Descriptive name: <external IP>
- Internal Certificate > Certificate authority: internal-ca
- Internal Certificate > Common name: <external IP>
- Certificate Attributes > Certificate Type: Server Certificate
Save
Import AP Client Certificate CA
System > Certificates > Authorities > Add
- Create / Edit CA > Descriptive name: RuckusPKI-HaProxy-CAs
- Create / Edit CA > Method: Import an existing Certificate Authority
- Existing Certificate Authority > Certificate data:-
Add a carriage return to the end of the pasted certificate, or your HAProxy setup may fail.
Save
Install HAProxy
System > Package Manager > Available Packages > haproxy-devel > Install > Confirm
Create HAProxy Backend
Services > HAProxy > Backend > Add
- Edit HAProxy Backend server pool > Name: SmartZone
- Edit HAProxy Backend server pool > Server list > add another entry (the down arrow)
  - Name: SZWsg
  - Address: <SmartZone Control IP>
  - Port: 443
  - Encrypt: tick
- Health checking > Health check method > none
Save
Apply Changes
Create HAProxy Frontend
Services > HAProxy > Frontend > Add
- Edit HAProxy Frontend > Name: Port443
- External address > Port: 443
- External address > SSL Offloading: tick
- Default backend, access control lists and actions > Access Control lists > add another entry (the down arrow)
  - Name: SZHost
  - Expression: Host starts with:
  - Value: <external IP>
- Default backend, access control lists and actions > Access Control lists > add another entry (the down arrow)
  - Name: SZWsg
  - Expression: Path starts with:
  - Value: /wsg
- Default backend, access control lists and actions > Access Control lists > add another entry (the down arrow)
  - Name: SZCert
  - Expression: Custom acl:
  - Value: ssl_c_used
- Default backend, access control lists and actions > Actions > add another entry (the down arrow)
  - Condition acl names: SZHost SZWsg SZCert
  - backend: SmartZone
- Advanced Settings > Advanced pass thru: option h1-case-adjust-bogus-client
- SSL Offloading > Certificate > <external IP> (CA: internal-ca) [Server cer]
- SSL Offloading > Certificate > Add ACL for certificate CommonName. (host header matches the "CN" of the certificate): tick
- SSL Offloading - client certificates > Without client cert: tick
- SSL Offloading - client certificates > Client verification CA certificates > add another entry (the down arrow)
  - Certificates authorities: RuckusPKI-HaProxy-CAs
Save
Apply Changes
Certificate error when applying changes
If the HAProxy Frontend configuration fails to save then check you included the trailing carriage return when you pasted in the RuckusPKI-HaProxy-CAs certificate.
Add Global Options and Enable HAProxy
Services > HAProxy > Settings
- Global Advanced pass thru > Custom options:-
h1-case-adjust server Server
h1-case-adjust content-length Content-Length
h1-case-adjust date Date
h1-case-adjust transfer-encoding Transfer-Encoding
h1-case-adjust content-encoding Content-Encoding
h1-case-adjust connection Connection
h1-case-adjust set-cookie Set-Cookie
h1-case-adjust www-authenticate WWW-Authenticate
- General settings > Enable HAProxy: tick
- General settings > Maximum connections: 5 (any number here, the # of APs is a safe bet)
Save
Apply Changes (ignore the warnings)
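The core routing and client-certificate settings from the Backend, Frontend and Global Options steps correspond roughly to the haproxy.cfg below. This is an added, hand-written example, not the file pfSense generates and not part of the original guide. The `/path/to/...` file names, the mapping of "Without client cert" to `verify optional`, and `verify none` on the backend server are assumptions.

```haproxy
# Hand-written sketch of the GUI settings in this guide; NOT pfSense's generated file.
# /path/to/... file names are hypothetical placeholders.

global
    # General settings > Maximum connections
    maxconn 5
    # Global Advanced pass thru > Custom options: header capitalisation map
    h1-case-adjust server Server
    h1-case-adjust content-length Content-Length
    h1-case-adjust date Date
    h1-case-adjust transfer-encoding Transfer-Encoding
    h1-case-adjust content-encoding Content-Encoding
    h1-case-adjust connection Connection
    h1-case-adjust set-cookie Set-Cookie
    h1-case-adjust www-authenticate WWW-Authenticate

frontend Port443
    mode http
    # SSL Offloading with the internal-ca server certificate.
    # ca-file + "verify optional" (assumed mapping of "Without client cert"):
    # a client may connect without a certificate, but any certificate it does
    # present must chain to RuckusPKI-HaProxy-CAs or the TLS handshake fails.
    bind :443 ssl crt /path/to/server-cert.pem ca-file /path/to/RuckusPKI-HaProxy-CAs.pem verify optional
    # Apply the global h1-case-adjust map to responses sent to the APs
    option h1-case-adjust-bogus-client

    # SZHost: Host starts with <external IP>
    acl SZHost hdr_beg(host) -i <external IP>
    # SZWsg: Path starts with /wsg
    acl SZWsg path_beg /wsg
    # SZCert: the TLS session used a (verified) client certificate
    acl SZCert ssl_c_used

    # All three ACLs must match (implicit AND). Requests to other hosts or
    # paths, and requests to /wsg without a client certificate, are never
    # passed to SmartZone.
    use_backend SmartZone if SZHost SZWsg SZCert

backend SmartZone
    mode http
    # Encrypt: tick -> TLS to SmartZone; "verify none" is an assumption, since
    # the guide configures no CA for the backend. Health check method: none.
    server SZWsg <SmartZone Control IP>:443 ssl verify none
```

Because `no ap-cert-check` turned off SmartZone's own check, the `ca-file` verification on the `bind` line is the only place AP device certificates are validated.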
Add Firewall Rule so HAProxy receives traffic
Firewall > Rules > WAN > Add (the down arrow)
- Destination > Destination > This firewall (self)
- Destination > Destination Port Range > From: HTTPS (443)
TIP: If you can apply a Source rule (e.g. an ISP's IP range) then do so
Save
Apply Changes
AP configuration steps
- Install the latest Solo software image onto your AP
- SSH into the AP's CLI and configure the SmartZone's static external IP address:-
rkscli: set scg ip <external IP>
Optional: Allow APs with expired device certificates
You probably don't need this!
Ruckus APs manufactured since March 2014 already have valid certificates.
You'll know if you still have APs with expired certificates (also called Old Ruckus PKI Signed) because your SmartZone will be displaying a big red "AP certificate is expired" banner at the top of every page.
If this is you, then I guess you submitted certificate replacement request(s), but Ruckus refused to help unless you renewed your AP support licenses.
Add expired CA certificates
System > Certificates > Authorities > RuckusPKI-HaProxy-CAs > Edit CA (the pencil)
- Existing Certificate Authority > Certificate data
-----BEGIN CERTIFICATE-----
MIIF6TCCA9GgAwIBAgIJAIEBTBXFP8lCMA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUx
HjAcBgNVBAoTFVJ1Y2t1cyBXaXJlbGVzcywgSW5jLjAeFw0wNzAzMjkxNTI0NDda
Fw0xNzAzMjYxNTI0NDdaMFYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y
bmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxHjAcBgNVBAoTFVJ1Y2t1cyBXaXJlbGVz
cywgSW5jLjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMIhlrV/86+P
V/OvDIUWchq+SPo8EiN6yjF6+2DH2DzsEEolHEei4+svH7trfT22vh1Y5lggO251
Eckr/pPs5N8oin/h/JtrgznzUZx6m2oOcowiG+lXkRkg9ySJ+OUe+e5ZvKpAYSve
HpUnxU3jNM14u420MuTJ0pukjJMH4a07U80gKsn/SRP6pbSUyii5ZLs0+jLXqk7t
p5BlF1WzwJRBk4taSIVwBF6eUyU0FpPGhLqYvi9UjxL0JsyBtnuiOtFrCgtLx03z
9SOcwOncnabLkGhhGjybxXa3HQ9cfLm6AnycQCa4a693PQwMHGm4iRRgygL6JxKm
CWbanXRVRo1c3Zaw93TwWuqdYhBRY6OAfPTXizV23MJEp2z21l0AlonoJtq7tDNM
lPHYSVrOWnGrOCmL/eFZKpa21xldfwbxsDQ/F9oGbStJm0zORpmgPGZERxyUBWsl
RVcrkK48giAFr4PNwOrxilTuVuhEzsOeuMMwtT+kvK+730f6NK8Zd7MoKcE4o001
tl8R3LF+NR/pbX6WgYA11l77Xr420WsSMAy77ccwE+XTalGeSBwDjh70s0+7cEiN
uy5MbXHcIkBl3RwRx7EXXn41sQYfiIoE7DQ579V8blo8b19uo+yZtMJHfK8mhWgf
pTruuOwDp4RDJOJhllcrEP85ryFq8opHAgMBAAGjgbkwgbYwHQYDVR0OBBYEFGXD
nvigM+7ROh2IL3TvdNFWAPmOMIGGBgNVHSMEfzB9gBRlw574oDPu0TodiC9073TR
VgD5jqFapFgwVjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQ
BgNVBAcTCVN1bm55dmFsZTEeMBwGA1UEChMVUnVja3VzIFdpcmVsZXNzLCBJbmMu
ggkAgQFMFcU/yUIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAgEAm+g8
4Ouhrxyf7Qjg6msD2pL16hZRCeQv/ewWZalyTzISxo/f5lvJPO3IFWLGXPNCJ7SO
L7PNvTVSFOogFlo1VL5xzkLUwBb0Al50MvUJ05G8tOq3VOXG2d4BItfUldm4gn8p
3YgENYjjejQF9MwGDnEGhWXpd6G7fovnPXp/d4AK6atUGvfYOupmYRYajvMxltF+
JAkcrYI8DIYrCAPE+TppX5YyryYRYPUXSuFMiSlog1x3jqsIkC4KKXfzI7MAqS1/
1p+3vIFjXvwgyBKWtOYnvxJN63Jb3zsj5X9LwcngHw6O0ns1tts335g4GEumU9NB
O9vufg85XJ4/VtRl2EPLM641MjEtThrlyqy/QKE+3Pb9f59Bcj3LYuYmgrYVSEBZ
Og1WIXAwoi2lR5gWDFdj81hniw++DXE71534ipEBUCBQsHbrguEPZyvRQQRuXsUV
WcJ3oEevPQy2D/oJkK1vz9lKsbMmvbSfTmJCxwgc49od3u5sIYSHs4ziKrBJMywm
s9rOvdQzNxi/Hqzpf5vvwE/ZTUkhUV0oAtrT1HPv1Eh+LROUdIbdlYEkRUX1OAdJ
fqPw5aMvxPJSqU7aNm1aFXcwLEoDbLkEJdhs/Fb/xRqQgs+O1w85QL7oZMgQBlA9
r6pzDPzXzPvGK5ap9mC/yoQdRiOvSreb86YIM6w=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF6TCCA9GgAwIBAgIJAMZhR8RSj38uMA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUx
HjAcBgNVBAoTFVJ1Y2t1cyBXaXJlbGVzcywgSW5jLjAeFw0wNjEyMDEwMzEyMzVa
Fw0xNjExMjgwMzEyMzVaMFYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y
bmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxHjAcBgNVBAoTFVJ1Y2t1cyBXaXJlbGVz
cywgSW5jLjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKGD7wd1dZRA
vTmPq+NwPhguMcc9e1SoRkb2RqOeXpKcM9YH+qZkcXUsK+MLKSN0VLnuufhdHmN8
Rgfm5DRciieShzqpR8CjotPMiRgTiCHKNeacXP/04iAmvC/5nlEqBAWsete+9JNt
c+I6P6ROqh17PEGftt/JkUqmSVn9D1OS/uaxjqZWJkCC0vVbYGfUfUBFyD30PK2Q
afJnIhKPVt1xx6VogaGuD2/4ykVDxsLqCJnTAWONeX6z3ui5FIWqNPk92Jw/yfQo
CRLu0Yi5Ef22LI6o8BMNoay6Fjg6bI3kVgaz/v+kVuDxzhsIguJ0VUn6Y1QqmEar
Hni1WaokuJoNKt3JdI8P6Xgz5DPw+bkFWuQJ8TkWq8/CiB9gqk3H9SIIz1hargGs
cAfaf7/zf2vOw18bpcWeZkoHEu0oRmVDVGLqH8NXPk369Yth8ydmlgvwmeSqRovw
6eFX005DNBExJ9yTGR91ZbSA3kaxHAPhqQ91NnmF+xqPqU2fb52oS9WSNqvBUWwZ
F+0qVVC3y0atlaUgS/SB3UVE9TtP8pwZuLXXzgzWo1wernhrIriy3b2+ExoScW/8
Szdi4DgaF7jzhWZTlMobfveDDKTMeBXd/Szmhn3z/WAc7f+XtxZq82Z75DH6cNK4
J6NskIRYUKux0GzlOs7DlcIFzs1jqI1XAgMBAAGjgbkwgbYwHQYDVR0OBBYEFIGH
zlD+umOFxbw094R/4MX2mF3hMIGGBgNVHSMEfzB9gBSBh85Q/rpjhcW8NPeEf+DF
9phd4aFapFgwVjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQ
BgNVBAcTCVN1bm55dmFsZTEeMBwGA1UEChMVUnVja3VzIFdpcmVsZXNzLCBJbmMu
ggkAxmFHxFKPfy4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAgEAder9
Xwg6aTUgPT6EUf+m8inKkRmElOfVAlj3Vcg3VJLo4jseLbFNLxvS6pQf1fx7bkNO
lfHj/D510KqWO/8yS3YTDywcsGWPBy+boshiP8Qsp6qZqA+RD/Mil5feUSwQuTu1
np59vMUPtIwt9flDt9Pmzm6FNQdYCNprikQhrXmm5GNdB7mPCFUErP7ZuKhuWOE1
erp9KX8r1uQrL/MLKvjKRUHjc7QkDqCkorrUVozqcXIEySkvPlq7hlc/IIjBzYrq
2piME2AuueyV232NLc4ZMUy/Fm3AOlEOo2UNJ8NanFKIXzC/mA9k8mDF4IJiiXKw
+g8+Au/axEEhHTiv0dUkOeAjyOqjRZl+BtN7NUiP/mEjMajjt+gqIxpS3DQ/yl/R
hZNEPbD100N4bPYOx3i9ZmQVsR2mmlEvSUm9zj4Xi8fHMqDCAYT3Xafy6h29zcLl
AKWwDQAGzpsCjIJ7lcK/49g5b34l/Ay8oVOaqLSJBmWQhlw1z3oRF9m2UQ9TwJjx
NS5bVg/DvQjP1ZXpyGXrAeTbzPwRScKyIcK2fSDTSJtIwkTXQwRjQAzDZg2V47kK
yXtCxzQ36aGIUiG+QMmQHkL3Jrn24tWvD/cjVAOy0iCXIlXeSIzMKe2lQYsa/D8w
epfDKi99C6Oxg3o1xaDyLQn0hEJtP45NDJGpCwE=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFwzCCA6ugAwIBAgIFETMpBSgwDQYJKoZIhvcNAQEMBQAwdzEgMB4GA1UEAwwX
UnVja3VzUEtJLURldmljZVN1YkNBLTMxHTAbBgNVBAoMFFJ1Y2t1cyBXaXJlbGVz
cyBJbmMuMRIwEAYDVQQHDAlTdW5ueXZhbGUxEzARBgNVBAgMCkNhbGlmb3JuaWEx
CzAJBgNVBAYTAlVTMB4XDTIzMDMwMTAwMDAwMFoXDTQzMDMwMTAwMDAwMFowbTEL
MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVNhbiBE
aWVnbzETMBEGA1UECgwKUEtJIENlbnRlcjEgMB4GA1UEAwwXUnVja3VzUEtJLURl
dmljZVN1YkNBLTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDWirtT
xCEZA3iTI1nKhUa/A9d5irdnK9MaXyL9WWFmo3yXmd+gOa2oJJHMa1GzBt0qmAZc
J5YdkNXbJsECDwFgd3mnVHndt9yePOI5hwuWQdOqH73PVKtYF8k1Zphse4DFc2ez
noMsjEpfMndgNNNS9fGnPBI+uY4Vob0e+13PZrGqKBl+eLqpKg8/QmSpgxO/GCd+
EqhB59dATOMlTHajUEBge+VjM5HLxlVOHdT2uZTX7QAlou74vNOONOc3cDPTq6su
YFpNw/ci+55ijZT2GyBJOI4QchuSDAk7RkJTDOMesrZvu9aLtp0IUCc3iiYC9RDG
6Hh4Df1n8rYYfM75+d6DeU82WCyGutY9i23W3tklozJHHykLD7Q8I57MNClbW3IM
WTuDEak/92nFFXWDC9GIK+EHXUL2w34xM28mN1uepVX9/tou9GONsU2u8BYTXT9M
BkiX1efRoua6idwbQbNvQxLv9yNqqpPABK1x1/vGCk+rWK6ZpKRNPPcAkk2uOXTw
hSVa4H7Ix6bdW29FOp/BhYJfQzQ3TPh1NwAs+t4YsLVdezCSCuBlTNJ+XL7sGqB3
FlzBKeD6DcxNEhlPQhNlSBys4Z0HYkd8AX/yT1OK7hXO+gh7Mv7aRKRDrNYd6L4A
d4YLnBBeAhIrEux2tJtoMLTuGtfCFZmOe4nw0QIDAQABo2AwXjAdBgNVHQ4EFgQU
Tc6JB/IkYrT8KN5cKTZDLLszm3UwHwYDVR0jBBgwFoAUhpRz0Fa+lCguPBY7V0x9
E9n4IAgwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEM
BQADggIBALpKd5kDkor70rI1jIbmVrsFbR+1aKuQZjKgQNCN4UQZjG/anzMd7NC6
M1qBIs2LcMJxXc+oe2xqt1SwlyHov0QPEOEZSVrmkvIQvekIGIzefp3dDPbeef8J
0xY+ctvlZeqw0RkIumXSXMIxZzIiSKZE66nZaCBJlJcMEgMjwmrpVRP4LTaWePIg
ABu9xX5TspFHXuy0dcXM3nNCdZZDG8c0lHBti/p05he3yM/5ID1AE3th8GnzNrHZ
PB1JDiWOjILQE+Ud/DU9asjMprprGyfLTzr3L5IWYeg0EU4Cw2QrmjEjSZ3ClsS/
x283igLvJ+pmsvDsgyKExArvxGNLUtHKKzv21Mb0PjQUQ//kIdttRzxy5Ar/S4KU
bK0LpvUC4u57cwhwGL3CqwXHYbrNYJ8wr+lhMBfGfeM5QuF15k7es8oMlz4fquVs
hFF9Y18ExivcFmH6oMUvSNSCtQbpWhrMVSRqeGGRIq0FZ6qKz5Vj2d1q1SrQH9pz
9FKJNrEBIr3RQl9Mb5a52IuaPtsN+/TTyxGoTw8mbRAfOB4cbHM3QJIo01q+yngs
lS8PkNdjO2tFj8gysmwCYZzu+n+5BWtfrck25E4jwRNhZ56V2M9iVW0/J2+eUd44
0fZMML1+lY42RQFo/aBY0pXPC9cfhX/reCffsV8Od/+eqqVdk0wt
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFzjCCA7agAwIBAgIIdVfvuHSs7pYwDQYJKoZIhvcNAQEMBQAwcjEbMBkGA1UE
AwwSUnVja3VzUEtJLURldmljZUNBMR0wGwYDVQQKDBRSdWNrdXMgV2lyZWxlc3Mg
SW5jLjESMBAGA1UEBwwJU3Vubnl2YWxlMRMwEQYDVQQIDApDYWxpZm9ybmlhMQsw
CQYDVQQGEwJVUzAeFw0xOTAyMjUyMzQwNDVaFw0zODA2MjcyMTAwNDFaMHcxIDAe
BgNVBAMMF1J1Y2t1c1BLSS1EZXZpY2VTdWJDQS00MR0wGwYDVQQKDBRSdWNrdXMg
V2lyZWxlc3MgSW5jLjESMBAGA1UEBwwJU3Vubnl2YWxlMRMwEQYDVQQIDApDYWxp
Zm9ybmlhMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
ggIBALCMHHCq1Sz7uGIAON9r6OgggXSWNu3lH+ENZJQcI//7s/KtHa98Y2SJ4J0b
u7QdVHNSC4Uv4rE05Df/c18Xe9E8aDoogTxGKs81zVDOr4Ip49BHXvMo3OnW/GR7
emQFv4VX3f/wrZEorVqx5+jt6MaMcbBQWEZgZj/EITV8u4AuudoKBDdmpUMIY/K3
Mjtg93S8Nym7Ee/6vVmumHhU15NC4x++2NRKbP+jhvvvLDO1xpqNEnl1qim9CiEF
THPLlBXfinlpeO/xV0xycchG7fNkML/gjI6f72Y0Co5WFpYIeG9rCtIm7zRBI6zG
eVXS/Y1L165pJIdEV4KepxrIbB1KoZCA6Iq4WLlONKjoq+BY9fzLRhOwX2qjPSQS
nvJqJIuoB5x4MnC6VWa590nSZqIIRTb7NGbThHXyDJUUdTLk8+DEGCFSHwyd8wX4
nu8M2sZa+55hrHrggj9+0eBA4NM4ja6jYLi0n+aHLSspNNJ+wH+PymV79ulvsx0D
e//5U8qF2x1TDxtxkBI0Hjl53uJoMbDXjd6ZIV0MJ8k2m9Yecg0AYjUUhlSnYWWF
dj7yEjwAQ5G0sr4k9gJde5THxPK7Itp9d08eMpEGRQuyMdJtHrzXZnQyrMDkX8jU
aWcnzXvTP7q+Q53Kc8wKR/58b+Ozad3dUVL/p91zGG4uOFMVAgMBAAGjYzBhMB0G
A1UdDgQWBBSylVWIhaf1mhcnNfxXkHFuOO6vZzAPBgNVHRMBAf8EBTADAQH/MB8G
A1UdIwQYMBaAFL4+oAaFKr6W2C+oMSkW5ZveDXHjMA4GA1UdDwEB/wQEAwIBhjAN
BgkqhkiG9w0BAQwFAAOCAgEArso9U+sOqpRoexE3LOqw6qASuH9P6AbR4kqcM5Vx
H1hn3nkhkwsOJcTu+PkpUzatQXZhF7E7H/bb3n+Ww2W3FCdt2KDnF8nU5nKoQnKS
ObzE08TvflN+GJhCNENl8zHeu+PkqTNAF230vj5JXOHiqD6rVQpokIsbLpbjc0PK
tn4Co1K9cf5EdzYONwaWAX9CGlmScmsmFtgETqBNJjybHgEOWqqYcE9p+ZPsdedj
4D/frIkzuAK85Mf3pV7VYe606Jndyec3IAV71PEfKHr7S2FM3b0k+4Z0FrPcnnCf
NSR1OH+tJTNkCVKX7mKPHzDFMioTdQ4vcsBilQ9d/KZPOrey1VWBQt/wpFbFSBVW
T7CLPAwg24li9NhBMMo7gmnKTuNf2oxK2/ZBKHPQNtkBZEcd0RPuCfhx0MVb8jjr
oGawI3fscHYpawUP3+6LcyOVOe8o52W3xrOkakzItnyDhw9mXGdBKBdRkkMfVhwO
3lGPX1H6E4OQT4j/zJPxKem+yOHuBLZMHwVAgep4vmflwNd8pIHQXlICCt3iBGuC
OZa0QXzfurOjSwOQOpg1FYaclx7gDi2hfASw8nIZk0/2Kf0I/Hksmlkmzj/om1KQ
7e2GyYtRtQCbrD1wNitvyboMjvwqwRcz2WsMCL0skdHVP+nECOLrYGqVQsIqv2ZB
2SA=
-----END CERTIFICATE-----
Add a carriage return to the end of the pasted certificate, or your HAProxy setup may fail.
Save
TIP
Don't be tempted to create an extra pfSense CA for these.
I sneak them into the end of the existing Ruckus CA stack so pfSense doesn't spam you every day with expired CA/Certificate notices.
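A pasted CA stack can be checked for the missing trailing newline, and for truncated or unbalanced certificate blocks, before it is saved. This is an added example, not part of the original guide or of pfSense/HAProxy; the function names are hypothetical, and the sample "certificates" are constructed placeholder DER blobs, not real Ruckus certificates. It checks paste integrity only, not trust or expiry.

```python
import base64
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def der_length_ok(der: bytes) -> bool:
    """True if der is one outer SEQUENCE whose declared length matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short form: length fits in one byte
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def lint_bundle(text: str) -> list[str]:
    """Return the problems found in a pasted PEM CA stack (empty list = clean)."""
    problems = []
    if not text.endswith("\n"):
        problems.append("bundle does not end with a newline")
    if text.count(BEGIN) != text.count(END):
        problems.append("unbalanced BEGIN/END markers")
    blocks = re.findall(re.escape(BEGIN) + r"(.*?)" + re.escape(END), text, re.S)
    for i, body in enumerate(blocks, 1):
        if BEGIN in body:                  # an END line was lost between two certs
            problems.append(f"certificate {i}: BEGIN without matching END")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"certificate {i}: body is not valid base64")
            continue
        if not der_length_ok(der):
            problems.append(f"certificate {i}: DER length mismatch (truncated paste?)")
    return problems

def fake_pem(payload_len: int) -> str:
    """Constructed sample: a zero-filled DER SEQUENCE in PEM armor, not a real cert."""
    der = b"\x30\x82" + payload_len.to_bytes(2, "big") + bytes(payload_len)
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"

GOOD = fake_pem(300) + fake_pem(400)       # constructed two-certificate stack
```

Run `lint_bundle()` on the text you are about to paste; an empty list means the structure is intact and the final newline is present.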
Update HAProxy Frontend
Services > HAProxy > Frontend > Port443 > edit frontend (the pencil)
- Advanced settings > Bind pass thru:
ciphers DEFAULT:@SECLEVEL=0 ca-ignore-err 10 crt-ignore-err 7