As a Sr. Technical Support Engineer, I have come across the below concern/issue from a lot of users and would like to share my experience here:
Ruckus's original Device certificates expired in November 2016. Any device manufactured prior to Nov 2016 will have the old certificate.
How to find an AP certificate?
Log in to the AP CLI (SSH) and run the following command:
rkscli: get rpki-cert issuer
The AP with the below output will not join the controller as it has an old certificate.
Issuer: Ruckus Wireless, Inc.
Why do I see the warning "AP certificate is expired" on my controller dashboard
vSZ/SZ prior to firmware 3.6.x release doesn’t have AP-cert check enabled by default.
Hence the AP which joined the controller prior to 3.6.x and got upgraded to 3.6.x or above will have the below error message/warning on the controller Dashboard.
Export the All AP Certificate file from the controller (below screenshot is from the older version pre-5.x and 3.6.x): -
Screenshot from the updated (above 3.6.x) vSZ/SZ firmware version: -
It lands on the below page:
- Click on Export à Export All APs Certificate Request or New APs based on which AP needs the AP certificate update to generate the .req file.
- Please reach out to Ruckus Support to generate the .req file downloaded from the above step. (https://support.ruckuswireless.com/contact-us)
- Once you receive the file go to the above location on the controller and select ‘Import AP Certificate Response (.res) file’
4. This will take some time and the AP will refresh their certificates.