https://community.extremenetworks.com/t5/aerohive-migrated-content/radsec-established-but-no-certificate/m-p/85394#M10667 <P>Well, it didn't work in my case. Complete upload did not pull certs from IDM servers.</P><P>&nbsp;</P><P>All APs are in the same subnet. 2 of them were automaticaly elected as ID Manager Proxy Server and they are fine. Rest of access points – some of them have Radsec certificate and some don’t.</P><P>&nbsp;</P><P>I managed to fix it this way:</P><P>&nbsp;</P><UL><LI>I applied network policy that contains IDManager settings only to 2 APs in subnet. They were automaticaly elected as Proxy Servers and downloaded certificate. Then I repeated that procedure for rest of APs. They all have now valid certificate.</LI></UL><P>&nbsp;</P><P>Disadvantage of this solution is completion time. It takes a lot of time if you have many APs on site.&nbsp;</P> Thu, 12 Apr 2018 14:03:57 GMT marek_szymonski 2018-04-12T14:03:57Z https://community.extremenetworks.com/t5/aerohive-migrated-content/radsec-established-but-no-certificate/m-p/85392#M10665 <P>Hi,</P><P>&nbsp;</P><P>I'm reffering to this topic in old HiveNation community (https://community.aerohive.com/aerohive/topics/radsec-established-but-no-certificate). There is a procedure described how to fix lack of certificate from Radsec on AP:</P><P>&nbsp;</P><P>1) Clear the key</P><P>clear aaa radius-server-key radsec ca</P><P>clear aaa radius-server-key radsec root-ca</P><P>&nbsp;</P><P>2) Upload the new CA&nbsp;</P><P>Upload the new CA: Monitor &gt; Actions &gt; Download CA</P><P>&nbsp;</P><P>3) Complete Upload</P><P>&nbsp;</P><P>4) Reboot</P><P>&nbsp;</P><P>I'm using HM 6.8r7a and there is no Monitor &gt; Actions &gt; Download CA.</P><P>&nbsp;</P><P>I tried Complete configuration update and Clear ID Manager credentials but no luck.</P><P>All required ports are opened and problem is only on some APs 250</P><P>&nbsp;</P><P>#sh idm</P><P>IDM client: Enabled Per SSID</P><P>IDM Proxy IP: 10.66.164.36</P><P>IDM proxy: Disabled</P><P>RadSec Certificate state: Not exist</P><P>&nbsp;</P><P>Please advice how to get RadSec certificate.</P> Wed, 11 Apr 2018 16:01:28 GMT https://community.extremenetworks.com/t5/aerohive-migrated-content/radsec-established-but-no-certificate/m-p/85392#M10665 marek_szymonski 2018-04-11T16:01:28Z https://community.extremenetworks.com/t5/aerohive-migrated-content/radsec-established-but-no-certificate/m-p/85393#M10666 <P>I'm sorry for the confusion, those instructions are for HiveManager NG and it sounds like you are using HiveManager Classic. These are different platforms so they sometimes have different procedures. If you run those two commands in step one, go ahead and skip step two, and move directly to step three. The AP will pull the certs from the IDM servers automatically, so you should accomplish the same thing by just clearing the certs and pushing out a complete configuration (which requires a reboot). </P><P>&nbsp;</P><P>Hope that helps. </P> Wed, 11 Apr 2018 21:42:40 GMT https://community.extremenetworks.com/t5/aerohive-migrated-content/radsec-established-but-no-certificate/m-p/85393#M10666 samantha_lynn 2018-04-11T21:42:40Z https://community.extremenetworks.com/t5/aerohive-migrated-content/radsec-established-but-no-certificate/m-p/85394#M10667 <P>Well, it didn't work in my case. Complete upload did not pull certs from IDM servers.</P><P>&nbsp;</P><P>All APs are in the same subnet. 2 of them were automaticaly elected as ID Manager Proxy Server and they are fine. Rest of access points – some of them have Radsec certificate and some don’t.</P><P>&nbsp;</P><P>I managed to fix it this way:</P><P>&nbsp;</P><UL><LI>I applied network policy that contains IDManager settings only to 2 APs in subnet. They were automaticaly elected as Proxy Servers and downloaded certificate. Then I repeated that procedure for rest of APs. They all have now valid certificate.</LI></UL><P>&nbsp;</P><P>Disadvantage of this solution is completion time. It takes a lot of time if you have many APs on site.&nbsp;</P> Thu, 12 Apr 2018 14:03:57 GMT https://community.extremenetworks.com/t5/aerohive-migrated-content/radsec-established-but-no-certificate/m-p/85394#M10667 marek_szymonski 2018-04-12T14:03:57Z