Managing AP Certificates

AP certificates are valid for a period of time and have to be replaced when they expire.

NOTE
Although AP Certificate Expire Check is enabled by default, when an AP with an expired certificate joins the controller, this check automatically gets disabled. To restore security:
  • All APs with expired certificates need to be replaced with a new valid certificate

  • Manually enable certificate check using ap-cert-expired-check CLI command in the config mode

You must get AP Certificate Replacement before your AP certificate expires. The system generates an apCertificateExpireSystem alarm and event when an AP certificate expires.

To get an AP Certificate replacement:

  1. From the application select, System > Certificates > AP Certificate Replacement.
  2. In the AP Request List area, those APs with the Need Export column marked Yes needs certificate replacement. Those marked with No means that the certificate request has already been exported.
    NOTE
    Use the Search terms option to look for APs by name, model, serial number, or description.
  3. Click Export and select one of the following options:
    • Export All APs Certificate Request—Exports the certificates for all the AP
    • New APs—Exports the certificates for new APs or APs that need to regenerate their certificates.
    NOTE
    All exported AP Certificate request (.req) files generated from a cluster include it's name. To manage multiple export request files, change the file name before uploading it to uniquely identify the file.

    For example: cert-scg-cluster5f6433ef-711b-4f44-b38a-ddd485ee2c37-R500.req

  4. Login https://support.ruckuswireless.com/ with your credentials.
  5. From the right pane go to Tools > Certificate Renewal. The Certificate Renewal Requests page appears.
  6. Click Browse to select the .req file exported from Certificate Refresh page.
  7. Enter the Email address for communication.
  8. Click Upload, you will receive an e-mail acknowledgment from Ruckus.
  9. From the Certificate Renewal Request page, check the Status column of your request. After the request is processed, you will receive the response from Ruckus, with a link to the .res response file for Import on the Certificate Refresh page.
  10. From the AP Certificate Replacement page of the application, click Import AP certificate Response (.res) file. The Import AP certificate for replacement form appears.
  11. Click Browse and select the file.
  12. Click OK.
    NOTE
    All APs included in the imported response (.res) file reboot after their certificate is refreshed.
  13. From the Certificate Status area, check the Status column of the AP. If the status is:
    • Updating—Controller is in the process of updating the certificate.
    • Update Failed—Controller failed to update the certificate.
    NOTE
    The AP reports to the controller at 15-minute intervals. As a result, it may take up to 15 minutes for the AP to update its certificate status on the web interface.
  14. Click Reset Update Failed AP, to reset the status of the APs for which certification update failed. The status of the AP will change.
  15. Check the Update Stats to know the status of the AP certificates.

  16. Once all the APs are updated with the new certificates, manually enable the ap-cert-expired-check CLI command in the config mode to restore security and reject APs that try to connect with expired certificate

    .

Parent topic: Certificates