I originally posted this on the EduGeek site here: http://www.edugeek.net/forums/smoothwall-direct-support/110901-changes-after-smoothwall-upgrade.html but found that it was quickly getting buried in the other posts and I often found I needed to refer back to it… So I am re-posting it here!
I just spent this morning applying Main Updates 52 and 53 and then reapplying all of our changes for Real World SSL and SSL login for our BYOD network, so I thought I should actually write it up in a doc for next time 😉
This is specific to our setup, where we use a Real World SSL cert with an intermediate certificate and SSL Cookie Log-in for our BYOD network, with a DNS server spoofing the external FQDN of our Smoothwall to the relevant internal IP address. If your setup matches this, then these are the steps to carry out after a Smoothwall upgrade to get everything going again!
1. Copy all files from “Local Copy of your Real World SSL Certs!” to “/etc/httpd” using WinSCP
2. Edit “/etc/httpd/conf/httpd.conf.part” using vi
3. You need to edit both the “VirtualHost *:441” and the “VirtualHost *:442” sections as follows:
4. Once in the VirtualHost definition press Insert to start editing
5. After the “SSLCertificateKeyFile /etc/httpd/server.key” line add a new line of “SSLCertificateChainFile /etc/httpd/intermediate.crt”
6. Once you have made the change to both sections press Escape and then type “:wq!” to save the file and quit vi
7. Type “/usr/bin/smoothwall/mergeparts.pl”
8. Reboot
9. Log in to the Smoothwall and go to “System > Administration > External Access” and enable (or create) the external access rule which gives access to 442 from everywhere
10. In Internet Explorer visit: http://www.digicert.com/help/ and check that all checks pass OK for “https://<FQDN of your Smoothwall>:442”
11. Disable the external access rule enabled in step 9
12. On your PuTTY session to Smoothwall type “cd /modules/guardian3/usr/lib/smoothwall/templates/AuthResponse/”
13. Edit the authresponse.tt file using vi
14. Edit the line which reads “https://[%iporhostname%]/login” to read “https://<FQDN of your Smoothwall>:442/login”
15. Edit the line which reads “https://[%iporhostname%]/clogin” to read “https://<FQDN of your Smoothwall>:442/clogin”
16. Press Escape and then “:wq!” to write the file and quit vi
17. Run “smoothcom runallsgconfigwriters”
18. Run “smoothcom proxyrestart”
19. Check that when logging into the BYOD Smoothwall authentication page you are taken directly to <FQDN of your Smoothwall> and not the IP address at log-in
Just setting up a new Smoothwall install I have realised that you also need to edit this file “/settings/main/settings” and add this line: “USE_HOSTNAME_IN_REDIRECTS=on” if it does not already exist!
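A quick way to see which of these edits an upgrade has reverted, added here as an example and not part of the original post or of Smoothwall's own tooling. The function names and the host fw.example.org are made up, and the script assumes the VirtualHost opening tags are written exactly as `<VirtualHost *:441>` and `<VirtualHost *:442>` and that awk, grep and mktemp are available on the box:

```shell
#!/bin/sh
# Post-upgrade check for the edits an update reverts (added example).
# Paths and directives are the ones quoted in the post; sample data is constructed.

# True only if both the *:441 and *:442 VirtualHost blocks carry an
# uncommented SSLCertificateChainFile directive.
vhosts_have_chain() {
    awk '
        /<VirtualHost \*:441>/ { port = 441 }
        /<VirtualHost \*:442>/ { port = 442 }
        port && /^[ \t]*SSLCertificateChainFile[ \t]/ { seen[port] = 1 }
        /<\/VirtualHost>/ { port = 0 }
        END { exit !(seen[441] && seen[442]) }
    ' "$1"
}

# True if /login and /clogin point at https://FQDN:442 and neither still
# uses the [%iporhostname%] placeholder.
template_uses_fqdn() {
    grep -qF "https://$2:442/login" "$1" &&
    grep -qF "https://$2:442/clogin" "$1" &&
    ! grep -qE 'https://\[%iporhostname%\]/c?login' "$1"
}

# Runs every check, names each edit that is missing, returns 1 if any is.
# The second argument is a root prefix: empty on the appliance, a scratch dir for tests.
check_after_upgrade() {
    fqdn=$1; root=${2:-}; rc=0
    vhosts_have_chain "$root/etc/httpd/conf/httpd.conf.part" ||
        { echo "redo: SSLCertificateChainFile in 441/442 vhosts"; rc=1; }
    template_uses_fqdn "$root/modules/guardian3/usr/lib/smoothwall/templates/AuthResponse/authresponse.tt" "$fqdn" ||
        { echo "redo: FQDN login URLs in authresponse.tt"; rc=1; }
    grep -qx 'USE_HOSTNAME_IN_REDIRECTS=on' "$root/settings/main/settings" ||
        { echo "redo: USE_HOSTNAME_IN_REDIRECTS=on"; rc=1; }
    return $rc
}

# Constructed sample tree (not real Smoothwall files) in the edited state.
make_sample() {
    t=$1/modules/guardian3/usr/lib/smoothwall/templates/AuthResponse
    mkdir -p "$1/etc/httpd/conf" "$1/settings/main" "$t"
    for p in 441 442; do
        printf '<VirtualHost *:%s>\n SSLCertificateKeyFile /etc/httpd/server.key\n SSLCertificateChainFile /etc/httpd/intermediate.crt\n</VirtualHost>\n' "$p"
    done > "$1/etc/httpd/conf/httpd.conf.part"
    printf 'https://%s:442/login\nhttps://%s:442/clogin\n' "$2" "$2" > "$t/authresponse.tt"
    echo 'USE_HOSTNAME_IN_REDIRECTS=on' > "$1/settings/main/settings"
}

# Demo on the constructed tree; on the appliance: check_after_upgrade <FQDN>
d=$(mktemp -d) && make_sample "$d" fw.example.org && check_after_upgrade fw.example.org "$d" && echo "all edits present"
```

This only inspects the files on disk; the served certificate chain still needs the external check from step 10.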