This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Cloudpath: How to replace Radius Certificate on Cloudpath if expired

vijaykuniyal
RUCKUS Team Member

‎10-18-2023 01:25 PM - edited ‎12-07-2023 08:56 AM

This article explains how to replace Radius Certificate on Cloudpath if expired.

In many occasion you will see Customer has reported an issue with Radius authentication with Cloudpath server, all authentication requests will fail, from Cloudpath point of view you can identify the issue if the radius certificate is expired or not.

For client troubleshooting and pcap one can identify if the radius certificate is not trusted by the client, that also leads to certificate expiry or change in radius certificate.

NOTE:
Do not change the certificate comman name.
If CA is external make sure, the certificate is assigned by same CA.

All existing user authentication will fail in case above is not followed.

Steps to verify on Cloudpath:

  • Verify if the Radius certificate is expired.>>>Cloudpath GUI>>>Configuration>>>Radius Server


    vijaykuniyal_0-1697657116111.png
  • Scroll down and Click on Actions: Replace Certificate

    vijaykuniyal_1-1697657306037.png

    *********************************************************************************
    Very Few Customer uses External CA for Radius Certificate, Validate the Root Certificate of the expired Certificate, for External CA the steps are given at the end.
  • Select Generate New Certificate Automatically, if you have not imported the previous certificate from external CA.

    >Certificate Template: will be  selected as Server Template.
    >Server Name: will be prefilled with the previous name, make sure it stays same as earlier.
    >Years Valid: will be prefilled with the 3 Years, can be extended up to 5 Years.



    vijaykuniyal_2-1697657725378.png

    On Success a new certificate will be assigned to the radius server with new validity.
    ***********************************************************************************

    If you are using an external CA for radius certificate instead of Cloudpath Onboard CA use the Option to Generate CSR and Upload a Certificate.

  •  Generate CSR (If Certificate is already there skip this part)

    vijaykuniyal_6-1697659435073.png

  • Fill all the information and Click Next.

    vijaykuniyal_4-1697659157365.png

  • Click on Download CSR

    vijaykuniyal_5-1697659206353.png
  • Submit CSR to the CA and get a Certificate to upload in the next step.

    vijaykuniyal_7-1697660088139.png
  • Fill in the fields with below details and Click Next.

    - Public Key (PEM)  - Upload web server certificate received by CA in PEM format
    - Chain (PEM or p7b)  - Upload Root CA  in PEM or p7b
    - Additional Chain - Upload Intermediate CA  in PEM
    - Additional Chain - Upload Intermediate CA if chain have more than 3 certificate in PEM.
    - Private Key Source - If certificate received was raised with the CSR from Cloudpath, select Certificate is based on CSR.
    - Private Key Source - If certificate received was raised without a CSR from Cloudpath, select Upload Private Key.
    - Private Key (PEM) - Upload Private key in PEM
    - Private Key Password - If private key is password protected, enter password here, if not protected ignore.

    vijaykuniyal_8-1697660352215.png

  • Radius Certificate will be renewed.

 

Vijay Kuniyal

Staff Technical Support Engineer

CCNA RnS | CCNA Wireless | CWNA | RASZA | Meraki CMNO | RACPA
Labels:
0 REPLIES 0
Copyright © 2024 Khoros, LLC