Changes after a Smoothwall upgrade

I originally posted this on the EduGeek site here: but found that it was quickly getting buried in the other posts and I often found I needed to refer back to it… So I am re-posting it here!

I just spent this morning applying Main Updates 52 and 53 and then reapplying all of our changes for Real World SSL and SSL login for our BYOD network, so I thought I should actually write it up in a doc for next time 😉

This is specific for our set up where we are using a Real World SSL cert with an intermediate certificate and using SSL Cookie Log-in for our BYOD network where I have a DNS server spoofing the external FQDN of our Smoothwall to the relevant internal IP address. If your set up matches this then these are the steps to carry out after a Smoothwall upgrade to get everything going again!

  1. Copy all files from “Local Copy of your Real World SSL Certs!” to “/etc/httpd” using WinSCP
  2. Edit “/etc/httpd/conf/httpd.conf.part” using vi
  3. You need to edit both the “VirtualHost *:441” and the “VirtualHost *:442” sections as follows:
  4. Once in the VirtualHost definition press Insert to start editing
  5. After the “SSLCertificateKeyFile /etc/httpd/server.key” line add a new line of “SSLCertificateChainFile /etc/httpd/intermediate.crt
  6. Once you have made the change to both files type escape and then “:wq!” to save the file and quite vi
  7. Type “/usr/bin/smoothwall/
  8. Reboot
  9. Log in to the Smoothwall and go to “System > Administration > External Access” and enable (or create) the external access rule which gives access to 442 from everywhere
  10. In Internet explorer visit: and check that all checks pass OK for “https://<FQDN of your Smoothwall>:442
  11. Disable the external access rule enabled in step 9
  12. On your Putty session to Smoothwall type “cd /modules/guardian3/usr/lib/smoothwall/templates/AuthResponse/
  13. Edit the file using vi
  14. Edit the line which reads “https://[%iporhostname%]/login” to read “https://<FQDN of your Smoothwall>:442/login
  15. Edit the line which reads “https://[%iporhostname%]/clogin” to read “https://<FQDN of your Smoothwall>:442/clogin
  16. Press Escape and then “:wq!” to write the file and quit vi
  17. Run “smoothcom runallsgconfigwriters
  18. Run “smoothcom proxyrestart
  19. Check that when logging into the BYOD Smoothwall authentication page you are taken directly to <FQDN of your Smoothwall> and not the IP address at log-in

3 thoughts on “Changes after a Smoothwall upgrade

  1. Just setting up a new Smoothwall install I have realised that you also need to edit this file “/settings/main/settings” and add this line: “USE_HOSTNAME_IN_REDIRECTS=on” if it does not already exist!

Leave a Reply

Your email address will not be published. Required fields are marked *