This article explains how to replace the RADIUS certificate on Cloudpath if it has expired.
Customers often report that RADIUS authentication against the Cloudpath server is failing, with all authentication requests rejected. On the Cloudpath side, you can identify the issue by checking whether the RADIUS certificate has expired.
From client-side troubleshooting and a packet capture, you can identify whether the client does not trust the RADIUS certificate, which also points to an expired or changed RADIUS certificate.
NOTE:
Do not change the certificate common name.
If the CA is external, make sure the certificate is issued by the same CA.
All existing user authentication will fail if the above is not followed.
Steps to verify on Cloudpath:
- Verify whether the RADIUS certificate is expired: Cloudpath GUI >>> Configuration >>> Radius Server
- Scroll down and click Actions: Replace Certificate
*********************************************************************************
Very few customers use an external CA for the RADIUS certificate. Validate the root certificate of the expired certificate; for an external CA, the steps are given at the end.
- Select Generate New Certificate Automatically if you have not imported the previous certificate from an external CA.
>Certificate Template: will be selected as Server Template.
>Server Name: will be prefilled with the previous name; make sure it stays the same as before.
>Years Valid: will be prefilled with 3 years; can be extended up to 5 years.
On success, a new certificate is assigned to the RADIUS server with a new validity period.
***********************************************************************************
If you are using an external CA for the RADIUS certificate instead of the Cloudpath Onboard CA, use the options to Generate CSR and Upload a Certificate.
- Generate CSR (if the certificate is already available, skip this part)
- Fill in all the information and click Next.
- Click Download CSR.
- Submit the CSR to the CA and get a certificate to upload in the next step.
- Fill in the fields with the details below and click Next.
- Public Key (PEM) - Upload the web server certificate received from the CA in PEM format
- Chain (PEM or p7b) - Upload the Root CA in PEM or p7b
- Additional Chain - Upload the Intermediate CA in PEM
- Additional Chain - Upload a further Intermediate CA in PEM if the chain has more than 3 certificates.
- Private Key Source - If the certificate received was requested with the CSR from Cloudpath, select Certificate is based on CSR.
- Private Key Source - If the certificate received was requested without a CSR from Cloudpath, select Upload Private Key.
- Private Key (PEM) - Upload the private key in PEM
- Private Key Password - If the private key is password protected, enter the password here; otherwise leave it blank.
- Radius Certificate will be renewed.
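The conditions in the NOTE above, and the pairing of certificate and private key required by the upload form, can be checked offline before uploading a certificate from an external CA. The script below is an added example, not part of the original article or of Cloudpath: it uses the standard openssl CLI to confirm that the replacement keeps the common name and issuing CA, is valid for a minimum number of days, and matches the private key. The function names and file names are assumptions.

```shell
#!/bin/sh
# Added example: pre-upload checks for a replacement RADIUS server certificate.
# All file names are assumptions; nothing here contacts Cloudpath.
# For a password-protected key, add -passin to the "openssl pkey" call.

cert_cn() {            # subject common name of a PEM certificate
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

cert_issuer() {        # issuer DN as a single comparable string
    openssl x509 -in "$1" -noout -issuer -nameopt RFC2253
}

cert_valid_for() {     # succeeds if the cert is still valid in $2 days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

key_matches_cert() {   # succeeds if key $2 belongs to certificate $1
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# usage: check_replacement OLD.pem NEW.pem NEW.key [MIN_DAYS]
check_replacement() {
    old=$1; new=$2; key=$3; min_days=${4:-0}
    [ "$(cert_cn "$old")" = "$(cert_cn "$new")" ] ||
        { echo "FAIL: common name changed" >&2; return 1; }
    [ "$(cert_issuer "$old")" = "$(cert_issuer "$new")" ] ||
        { echo "FAIL: issuing CA changed" >&2; return 2; }
    cert_valid_for "$new" "$min_days" ||
        { echo "FAIL: new certificate expires within $min_days day(s)" >&2; return 3; }
    key_matches_cert "$new" "$key" ||
        { echo "FAIL: private key does not match certificate" >&2; return 4; }
    echo "OK: CN=$(cert_cn "$new"), $(openssl x509 -in "$new" -noout -enddate)"
}
```

Source the file and run, for example, `check_replacement old.pem new.pem new.key 30`; the return code identifies which check failed.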
Vijay Kuniyal
Staff Technical Support Engineer
CCNA RnS | CCNA Wireless | CWNA | RASZA | Meraki CMNO | RACPA