Description:

LANCOM devices have a self-signed SSL certificate for HTTPS access. Consequently, any device using HTTPS to access the web interface will display a warning message. For this reason, the default configuration in the Public Spot uses the HTTP protocol, which prevents the warning message from being displayed in a hotspot environment.

However, many scenarios require the Public Spot to use an SSL certificate in order to transmit the login and status pages in encrypted form. An easy way to obtain an SSL certificate for HTTPS is to use the ACME client (Automatic Certificate Management Environment). The ACME client uses the DNS name of the router (a DynDNS name or a DNS name assigned to a fixed IP address) to send a Certificate Signing Request (CSR) to the provider Let's Encrypt and obtains an SSL certificate from it.

This article describes how the ACME client is used to obtain an SSL certificate, and how this is used in the Public Spot.

LCOS only supports one SSL certificate for access via HTTPS. The certificate obtained via the ACME client is therefore used both in the Public Spot and in WEBconfig.


Requirements:

  • LCOS as of version 10.80
  • LANtools as of version 10.80
  • Previously configured and functional Public Spot with a guest network
  • DynDNS account used by the router to publish its IP address as a DNS name, or a fixed IP address associated with a DNS name

Procedure:

1) In the router configuration, go to the menu Certificates → ACME client and adjust the following parameters:

  • Set a checkmark for ACME client enabled so that the certificates are obtained automatically and renewed regularly.
  • Under Domain, enter the DNS name of the router (in this example hotspot.domain.com).
  • Under Contact (e-mail address), enter an e-mail address that serves as contact information for the certificate application.

2) Go to the menu Public Spot → Authentication and activate the option HTTPS – Public Spot login and state pages are encrypted during transfer.

3) Go to the menu Public Spot → Server → Operational settings.

4) As the Device hostname, enter the DNS name of the router set in step 1 (in this example hotspot.domain.com).

5) Go to the menu DNS → General → Host names.

6) Adjust the following parameters:

  • Host name: Enter the DNS name of the router entered in steps 1 and 4 (in this example hotspot.domain.com).
  • IPv4 address: Enter the IPv4 address of the router in the Public Spot network (in this example 192.168.10.254).

7) This concludes the configuration steps. You can now write the configuration back to the device.

Status information about the ACME client can be viewed in LANmonitor under Certificates → ACME client.

In case of problems obtaining certificates via the ACME client, the ACME trace can be used for troubleshooting (via LANtracer or via the CLI).
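
To confirm from a guest client that the Public Spot now presents the ACME certificate rather than the self-signed one, the following check can be used. It is an added example, not LANCOM code: the function names, the 14-day expiry threshold and the sample certificate data are assumptions constructed for illustration.

```python
import socket
import ssl
import time

def audit_public_spot_cert(cert, hostname, resolved_ip, expected_ip, now=None, min_days=14):
    """Check a certificate dict (ssl.getpeercert() format); return a list of findings."""
    now = time.time() if now is None else now
    findings = []
    # The device's default certificate is self-signed: issuer equals subject.
    if cert.get("issuer") == cert.get("subject"):
        findings.append("self-signed certificate still in use")
    # The Device hostname (steps 1 and 4) must be a DNS subjectAltName.
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if hostname.lower() not in sans:
        findings.append(f"{hostname} missing from subjectAltName")
    # min_days is an assumed alert threshold, not an LCOS setting.
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < 0:
        findings.append("certificate expired")
    elif days_left < min_days:
        findings.append(f"certificate expires in {int(days_left)} days")
    # Guests must resolve the name to the router's Public Spot address (step 6).
    if resolved_ip != expected_ip:
        findings.append(f"name resolves to {resolved_ip}, expected {expected_ip}")
    return findings

def fetch_live(hostname, port=443, timeout=5):
    """Run from a guest client: returns (cert, resolved_ip). Raises
    ssl.SSLCertVerificationError if the certificate is not publicly trusted."""
    ip = socket.gethostbyname(hostname)
    ctx = ssl.create_default_context()
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return tls.getpeercert(), ip

# Constructed sample data (not captured from a real device).
NOW = ssl.cert_time_to_seconds("Jan 15 00:00:00 2025 GMT")
_DEFAULT_NAME = ((("commonName", "device-default"),),)
SELF_SIGNED = {"subject": _DEFAULT_NAME, "issuer": _DEFAULT_NAME,
               "notAfter": "Jan 15 00:00:00 2030 GMT", "subjectAltName": ()}
ACME_ISSUED = {"subject": ((("commonName", "hotspot.domain.com"),),),
               "issuer": ((("organizationName", "Let's Encrypt"),),),
               "notAfter": "Mar 15 00:00:00 2025 GMT",
               "subjectAltName": (("DNS", "hotspot.domain.com"),)}

if __name__ == "__main__":
    for name, cert in (("self-signed", SELF_SIGNED), ("ACME", ACME_ISSUED)):
        print(name, audit_public_spot_cert(
            cert, "hotspot.domain.com", "192.168.10.254", "192.168.10.254", NOW))
```

On a live guest client, pass the result of fetch_live("hotspot.domain.com") to audit_public_spot_cert together with the Public Spot address configured in step 6.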