cancel
Showing results for 
Search instead for 
Did you mean: 

My AP is Online but a warning is displayed “AP certificate is expired” on vSZ/SZ dashboard

sarita_shekhar
Moderator
Moderator
As a Sr. Technical Support Engineer, I have come across the below concern/issue from a lot of users and would like to share my experience here:
  • Root Cause:

Ruckus's original Device certificates expired in November 2016. Any device manufactured prior to Nov 2016 will have the old certificate. 

  • How to find an AP certificate?

                    Log in to the AP CLI (SSH) and run the following command:

                              rkscli: get rpki-cert issuer

                    The AP with the below output will not join the controller as it has an old certificate.

                    Output:

                              Issuer: Ruckus Wireless, Inc.
                              OK

  • Why do I see the warning "AP certificate is expired" on my controller dashboard

          vSZ/SZ prior to firmware 3.6.x release doesn’t have AP-cert check enabled by default.

          Hence the AP which joined the controller prior to 3.6.x and got upgraded to 3.6.x or above will have the below error message/warning on the controller Dashboard.

                    sshekhar_0-1646211696080.png

          Export the All AP Certificate file from the controller (below screenshot is from the older version pre-5.x and 3.6.x): -

                    sshekhar_1-1646211696088.png

           Screenshot from the updated (above 3.6.x) vSZ/SZ firmware version: -

                    sshekhar_2-1646211696090.jpeg

          It lands on the below page:

                    sshekhar_3-1646211696097.png

                    sshekhar_4-1646211696103.jpeg

  1. Click on Export à Export All APs Certificate Request or New APs based on which AP needs the AP certificate update to generate the .req file.
  2. Please reach out to Ruckus Support to generate the .req file downloaded from the above step. (https://support.ruckuswireless.com/contact-us)
  3. Once you receive the file go to the above location on the controller and select ‘Import AP Certificate Response (.res) file’

                     sshekhar_5-1646211696108.png

      4. This will take some time and the AP will refresh their certificates.

1 ACCEPTED SOLUTION

Hello @Marcel_Antony ,

Hope you doing well today.

We recommend upgrading the AP certificate. The APs with old certs won't join any vSZ/SZ/SmartZone controller/Cloud controller until you disable the AP-cert check on the controller.

If the APs are currently managed by the controller and are online and for some reason get disconnected and the AP entry is lost then the AP won't join back the controller.

Let me know if this answers your query.

Regards,
Sarita

 

View solution in original post

2 REPLIES 2

Marcel_Antony
New Contributor

Hello,

Can someone explain what will be the impact if the AP certificate has expired in several AP's? 

Thank you

 

 

 

Hello @Marcel_Antony ,

Hope you doing well today.

We recommend upgrading the AP certificate. The APs with old certs won't join any vSZ/SZ/SmartZone controller/Cloud controller until you disable the AP-cert check on the controller.

If the APs are currently managed by the controller and are online and for some reason get disconnected and the AP entry is lost then the AP won't join back the controller.

Let me know if this answers your query.

Regards,
Sarita