cancel
Showing results for 
Search instead for 
Did you mean: 

The vSZ/SZ dashboard displays a warning: 'AP certificate is expired,' even though the AP is online.

sarita_shekhar
Moderator
Moderator

As a Sr. Technical Support Engineer, I have encountered the following concern/issue from many users and would like to share my experience here:

Root Cause:

Ruckus's original device certificates expired in November 2016. Any device manufactured before November 2016 has the old certificate.

How to find an AP certificate:

  1. Log in to the AP CLI (SSH) and run the following command:
    rkscli: get rpki-cert issuer
    
  2. The AP with the following output will not join the controller as it has an old certificate:
    Issuer: Ruckus Wireless, Inc.
    OK
    

Why do I see the warning "AP certificate is expired" on my controller dashboard?

vSZ/SZ versions prior to the 3.6.x firmware release do not have AP-cert check enabled by default. Therefore, the APs that joined the controller before 3.6.x and were later upgraded to 3.6.x or above will display the following error message/warning on the controller dashboard.

                    sshekhar_0-1646211696080.png

Export the All AP Certificate file from the controller (the below screenshot is from the older versions pre-5.x and 3.6.x): -

                    sshekhar_1-1646211696088.png

Here is a screenshot from the updated vSZ/SZ firmware version (above 3.6.x): -

                    sshekhar_2-1646211696090.jpeg

It displays the page shown below:

                    sshekhar_3-1646211696097.png

                    sshekhar_4-1646211696103.jpeg

  1. Click on Export, then choose either Export All APs Certificate Request or New APs, depending on which AP needs the certificate update, to generate the .req file.
  2. Contact Ruckus Support to generate the .req file downloaded from the above step. (https://support.ruckuswireless.com/contact-us)
  3. Once you receive the file, go to the same location on the controller and select 'Import AP Certificate Response (.res) file.'

                     sshekhar_5-1646211696108.png

      4. This process will take some time, and the AP will refresh its certificates.

1 ACCEPTED SOLUTION

Hello @Marcel_Antony ,

Hope you doing well today.

We recommend upgrading the AP certificate. The APs with old certs won't join any vSZ/SZ/SmartZone controller/Cloud controller until you disable the AP-cert check on the controller.

If the APs are currently managed by the controller and are online and for some reason get disconnected and the AP entry is lost then the AP won't join back the controller.

Let me know if this answers your query.

Regards,
Sarita

 

View solution in original post

2 REPLIES 2

Marcel_Antony
New Contributor

Hello,

Can someone explain what will be the impact if the AP certificate has expired in several AP's? 

Thank you

 

 

 

Hello @Marcel_Antony ,

Hope you doing well today.

We recommend upgrading the AP certificate. The APs with old certs won't join any vSZ/SZ/SmartZone controller/Cloud controller until you disable the AP-cert check on the controller.

If the APs are currently managed by the controller and are online and for some reason get disconnected and the AP entry is lost then the AP won't join back the controller.

Let me know if this answers your query.

Regards,
Sarita