
Important Notice: Ruckus AP Device Certificate Refresh - Check/Update APs before Nov 27, 2016

michael_brado
Esteemed Contributor II
Important Notice:  AP Device Certificate Refresh

Original Ruckus AP device certificates are due to expire on Nov 27, 2016.  Most APs manufactured
in the last two years have new AP certificates installed in addition to the original certificates, but those
which do not will experience problems communicating with SmartZone controllers.

Latest SmartZone controller code easily identifies APs needing certificate refresh, and a simple process
to send request files to Ruckus and receive/install response files to update the AP certificates is available.

This is a preliminary warning before the original certificate expiration date, to encourage all AP customers
to review the Frequently Asked Questions, and AP Certificate Refresh Flowchart that outlines affected AP
model/serial numbers, impact on SZ, ZD, and Solo APs, and information regarding certificate refresh so
you can avoid them.

KBA-5390: FAQ - Ruckus AP Device Certificate Refresh
https://support.ruckuswireless.com/answers/000005390

KBA-6099: Ruckus AP Certificate Refresh Flowchart
https://support.ruckuswireless.com/answers/000006099
5 REPLIES

max_o_driscoll
Valued Contributor
Michael: That got my attention!

Appears it is only Smart Zone that is affected (unless you are going to publish more KBs).
The mention of ZD 9.13 is only in reference to its ability to notify that APs require a new certificate.

So those of us (ye olde legacy types on ZD hardware controllers) seem unaffected - am I right in this or did I miss something?

Yes, latest ZD 9.13.x will identify APs needing new certificates, but AP/ZD communication is not affected.
However, many current ZD customers might be planning migration to SmartZone.
Similarly for Solo APs, browsers will still present a certificate warning, that you can allow/add exception to continue.

This certificate refresh seems to be problematic for customers who are running VSZ-H with both new and legacy APs (e.g. 7363) set to different AP zones running different firmware versions. Apparently one solution is to disable certificate check, but how does this affect security of the system?

lex_jonkers
New Contributor
According to the flowchart for ZoneDirectors there is no impact, but cert refresh is recommended in case of future migrations.

However, how does one refresh when using ZD1100s, as 9.13 isn't available for them and the options used in the refresh procedure in the FAQ are not present in 9.10.1?

Is it possible or are ZD1100 users out of luck since they are EOL?
And if so, guess the procedure on migration would be: Disable cert check in SmartZone CLI, connect APs, update cert, enable cert check again?