Update zf7321 standalone, root certificate from Nov 2016
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-17-2020 06:28 AM
Hello,
Anyoone know if I can update the root certificate on standalone zf7321 as "certificate verificaton status" shows PASSED so I cant access the CSR part for the cert replacement process.
Don't even understand why it show PASSED in the first place but I guess the chain checks out.
| Software Version: | 100.1.0.0.432 |
|---|
Re
K
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-18-2020 03:06 AM
Think this KBA would help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-18-2020 05:27 AM
Hi Kjartan,
If AP is in standalone mode, you can update the certificate using standalone AP's GUI.
Procedure:
- Download the standalone image from support site for you AP model.
- Login to standalone AP GUI and go to >> Upgrade >> Select "Local" >> It will show you option for upgrade firmware or certificate. Choose Certificate.
- Upload the downloaded standalone image from step-1.
- Post completing the cert update, AP will reboot and it should show the updated cert.
- To verify if device has correct cert using 'get rpki-cert issuer' command. It will show the issuer of the certificate.
If the issuer contains the string "RuckusPKI", it means the AP has the new certificate,
otherwise, it has the old certificate.
Example output:
rkscli: get rpki-cert issuer
Issuer: RuckusPKI-DeviceSubCA-2
Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!
Follow me on LinkedIn
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-19-2020 02:09 PM
Thanks Syamantak,
Thing is that this is an old EOL ZF7321 and does´nt support CLI "get rpki-cert issuer" nor the option of Maintenance::Upgrade local-ly certificate, only file or firmware. But then again I´m unable to get to the CSR because Certificate verification always shows PASSED and thus unable to get the link to start it according to instructions.
Just double checking if I´d missed something but it seems it´s been deemed end of every thing after all it´s only single radio.
Thanks
K
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2020 04:10 AM
Hi Kjartan,
What is the current firmware on ZD7321? If it is lower than 9.x, you have to upgrade it to 100.x and then it will give you the option update the cert from GUI.
If GUI is also not giving you option to upgrade firmware, use AP CLI and FTP/TFTP to upgrade the firmware.
Download the 100.x standalone version from the below link.
Procedure FTP:
- Download the appropriate firmware file from www.support.ruckuswireless.com and put it on FTP server's root folder
- SSH to AP and type below commands (Make sure that you are able to ping the FTP server's IP from AP CLI):
fw set control zf7321_100.1.0.0.432.Bl7 (This is the file name of the firmware in FTP server).
fw set proto ftp
fw set host xxx.xxx.xxx.xxx (Where x.x.x.x is IP address of the FTP server)
fw set user xxxx (Where xxx is user name of the FTP server)
fw set password xxxx (Where xxx is password of the FTP server)
fw up
reboot
Procedure TFTP:
- Ensure that the board is able to ping the TFTP server
Place the image in TFTPROOT directory (typically /tftpboot) on the host TFTP server - Run the following commands on rkscli prompt to flash an image using TFTP:
fw set proto tftp
fw set host <server ip>
fw set control <filename> (path/Name of the image file, eg. ap-arm-qca-wsg/rcks_fw.bl7)
fw update
reboot
Once above is done, AP should give you option for cert update using GUI.
Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!
Follow me on LinkedIn
