cancel
Showing results for 
Search instead for 
Did you mean: 

My AP is Online but a warning is displayed “AP certificate is expired” on vSZ/SZ dashboard

sarita_shekhar
Moderator
Moderator
As a Sr. Technical Support Engineer, I have come across the below concern/issue from a lot of users and would like to share my experience here:
  • Root Cause:

Ruckus's original Device certificates expired in November 2016. Any device manufactured prior to Nov 2016 will have the old certificate. 

  • How to find an AP certificate?

                    Log in to the AP CLI (SSH) and run the following command:

                              rkscli: get rpki-cert issuer

                    The AP with the below output will not join the controller as it has an old certificate.

                    Output:

                              Issuer: Ruckus Wireless, Inc.
                              OK

  • Why do I see the warning "AP certificate is expired" on my controller dashboard

          vSZ/SZ prior to firmware 3.6.x release doesn’t have AP-cert check enabled by default.

          Hence the AP which joined the controller prior to 3.6.x and got upgraded to 3.6.x or above will have the below error message/warning on the controller Dashboard.

                    sshekhar_0-1646211696080.png

          Export the All AP Certificate file from the controller (below screenshot is from the older version pre-5.x and 3.6.x): -

                    sshekhar_1-1646211696088.png

           Screenshot from the updated (above 3.6.x) vSZ/SZ firmware version: -

                    sshekhar_2-1646211696090.jpeg

          It lands on the below page:

                    sshekhar_3-1646211696097.png

                    sshekhar_4-1646211696103.jpeg

  1. Click on Export à Export All APs Certificate Request or New APs based on which AP needs the AP certificate update to generate the .req file.
  2. Go to https://certrenewal.ruckuswireless.com/ and import the .req file and give your e-mail address.
  3. Upon uploading the file, it will give you a .res file in your e-mail inbox.
  4. Once you receive the file go to the above location on the controller and select ‘Import AP Certificate Response (.res) file’

                     sshekhar_5-1646211696108.png

  1. This will take some time and the AP will refresh their certificates.

0 REPLIES 0